Investigating a machine which is spewing SoBig.F and may be compromised, I'm seeing the following response on port 2001/tcp: % nc 192.168.5.89 2001 < > Unrecognized command or Invalid argument received % nc 192.168.5.89 2001 helo <helo> Unrecognized command or Invalid argument received % Google doesn't uncover anything with that error string, and there are more possible uses for port 2001 than a dog has fleas. Does anyone recognize what this listener might be? I don't have physical access to the box, unfortunately, as that would make this much easier to ID. -- gowen -- Greg Owen -- gowen-incidentsat_private 79A7 4063 96B6 9974 86CA 3BEF 521C 860F 5A93 D66D --------------------------------------------------------------------------- Attend Black Hat Briefings & Training Federal, September 29-30 (Training), October 1-2 (Briefings) in Tysons Corner, VA; the world's premier technical IT security event. Modeled after the famous Black Hat event in Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors. Symantec is the Diamond sponsor. Early-bird registration ends September 6.Visit us: www.blackhat.com ----------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Sat Aug 23 2003 - 13:59:55 PDT