Security Incidents: Re: Odd identd behavior

Re: Odd identd behavior

From: Mike Owen <kyphros_at_gmail.com>
Date: Mon, 14 Nov 2005 10:40:00 -0800

On 11/14/05, Christopher E. Cramer <chris.cramer_at_duke.edu> wrote:
>
> Mike,
>
> This looks like the output from an FTP server. If I had to guess, I would
> say that this looks like someone compromised a machine and installed a
> warez ftp server on the identd port.
>
> -c
>
> --
> Christopher E. Cramer, Ph.D.
> University Information Technology Security Officer
> Duke University, Office of Information Technology
> 334 Blackwell St., Suite 2106, Durham, NC 27701
> PH: 919-660-7003 FAX: 919-668-2953 CELL: 919-210-0528
>

You're right, it does look like that. I didn't even think that it
might be a standard service running on a different port.

I don't own these machines, so I don't really want to connect to these
servers to find out if it really is ftp. It does seem likely that they
are warez servers.

Thanks,
Mike
Received on Nov 14 2005
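
The distinction discussed in this thread can be checked passively, without connecting to the hosts: the sketch below (an added example, not part of the original messages) labels server-to-client bytes already captured from TCP port 113 as an RFC 1413 ident reply or an RFC 959 FTP-style reply. The record layout, function names and sample payloads are constructed for illustration and use documentation addresses.

```python
import re

IDENT_PORT = 113

# RFC 1413 reply: "<port>, <port> : USERID : <opsys> : <user>" or "... : ERROR : <type>"
IDENT_RE = re.compile(
    r"^\s*(\d{1,5})\s*,\s*(\d{1,5})\s*:\s*"
    r"(?:USERID\s*:[^:]+:.+|ERROR\s*:\s*[A-Z-]+)\s*$"
)
# RFC 959 reply: three-digit code, then a space (final line) or "-" (multi-line reply)
FTP_RE = re.compile(r"^[1-5][0-5]\d[ -]")


def classify_payload(payload: bytes) -> str:
    """Label captured server-to-client data by its first non-empty line."""
    lines = [l for l in payload.decode("latin-1").splitlines() if l.strip()]
    if not lines:
        return "empty"
    first = lines[0]
    m = IDENT_RE.match(first)
    if m and all(1 <= int(p) <= 65535 for p in m.groups()):
        return "ident"
    if FTP_RE.match(first):
        return "ftp"
    return "unknown"


def flag_non_ident(records):
    """Return (host, label) for port-113 payloads that are not ident replies."""
    flagged = []
    for host, port, payload in records:
        if port != IDENT_PORT:
            continue
        label = classify_payload(payload)
        if label != "ident":
            flagged.append((host, label))
    return flagged


# Constructed sample records: (server address, server port, captured payload)
SAMPLES = [
    ("192.0.2.10", 113, b"6193, 23 : USERID : UNIX : stjohns\r\n"),
    ("192.0.2.11", 113, b"220-Welcome\r\n220 Service ready\r\n"),
    ("192.0.2.12", 113, b"6195, 23 : ERROR : NO-USER\r\n"),
    ("192.0.2.13", 21, b"220 Service ready\r\n"),
    ("192.0.2.14", 113, b"SSH-2.0-example\r\n"),
]

if __name__ == "__main__":
    for host, label in flag_non_ident(SAMPLES):
        print(f"{host}: port 113 speaks '{label}', not ident")
```
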
