Just in case some list readers are wondering *why* this looks like an
FTP server, it's because of the "220-" lines, where 220 is a standard
status code. FTP banners typically have multiple "220-" lines, and
the final banner line is a "220 " (the "-" is used to say "more lines
are coming.")
Even without knowing this signature of the FTP protocol, the banner
messages suggest a multi-user server ("leechers logged in") which is
used for data transfer ("kb leeched" and "kb filled").
- Steve
P.S. To oversimplify, this is the sort of protocol-level knowledge
that might be expected of people with lower-level GIAC certifications
rather than broad-based CISSP certifications.
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Sat Nov 02 2002 - 16:46:18 PST