



Network Security Incidents

RE: Odd identd behavior

Subject: RE: Odd identd behavior
Date: Mon, 14 Nov 2005 20:38:20 -0000



This looks like the output from an FTP server.  If I had to guess, I would
say that this looks like someone compromised a machine and installed a
warez ftp server on the identd port.



You're right, it does look like that. I didn't even think 
that it might be a standard service running on a different 
port.



nmap -sV -p [port] -v is your friend. Nmap service scan will identify the 
service (http, ldap, whatever), the server's name (apache, openldap,..)  and 
version number (to some approximation) very reliably these days. The most 
recent version of nmap included lots of new service fingerprints; if it's a 
custom warez server it may still fingerprint as something recognisable, and if 
not, that in itself tells you something.



\a
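
Added example, not part of the original thread: a small Python check a responder could run against the ident port to see whether the listener actually speaks the ident protocol (RFC 1413) or greets like some other service, which is the mismatch discussed above. The function names `classify` and `probe`, the returned labels, and the sample replies are constructed for illustration.

```python
import re
import socket

# RFC 1413 reply: "<server-port> , <client-port> : USERID : <opsys> : <user>"
#              or "<server-port> , <client-port> : ERROR : <error-type>"
IDENT_REPLY = re.compile(
    rb"^\s*\d{1,5}\s*,\s*\d{1,5}\s*:\s*"
    rb"(USERID\s*:[^:\r\n]+:.+|ERROR\s*:\s*[\w-]+)\s*$"
)
# First-line greetings of other services. A 220 greeting is used by both
# FTP and SMTP, so it is reported as a banner type, not as a product.
OTHER_SERVICES = [
    ("220-banner", re.compile(rb"^220[ -]")),
    ("ssh", re.compile(rb"^SSH-\d")),
    ("http", re.compile(rb"^HTTP/\d")),
]

def classify(data: bytes) -> str:
    """Label what a listener on the ident port sent back."""
    lines = data.splitlines()
    first = lines[0] if lines else b""
    if not first.strip():
        return "silent"
    if IDENT_REPLY.match(first):
        return "ident"
    for name, pattern in OTHER_SERVICES:
        if pattern.match(first):
            return name
    return "unknown"

def probe(host: str, port: int = 113, timeout: float = 5.0) -> str:
    """Send one well-formed ident query to a host you administer."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.settimeout(timeout)
        s.sendall(b"1025, 113\r\n")  # constructed port pair
        try:
            data = s.recv(1024)
        except socket.timeout:
            data = b""
    return classify(data)

# Constructed sample replies (not taken from the thread).
SAMPLES = {
    "real identd": b"1025, 113 : ERROR : NO-USER\r\n",
    "greets with 220": b"220 example service ready\r\n",
}
```

Anything other than `ident` on port 113 is worth following up with the `nmap -sV` scan suggested in the message.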











