> -----Original Message----- > From: Greg Owen [mailto:gowen-incidentsat_private] > Sent: Saturday, August 23, 2003 7:51 PM > To: incidentsat_private > Subject: Re: Can anyone identify this possible backdoor? > > Sorry, I should have been a bit more explicit. > > 1) The command line above 'nc 192.168.5.89 2001' is me investigating, > not anything running on or printed by the victim machine. > Netcat may or > may not be in use on the victim machine, but that's not > really my point; > I'm wondering what is sending back the error message here > (and it isn't > netcat, I've grepped the source). > > 2) The first time I connected, I hit 'return', at which point > whatever > is listening printed "<\n> Unrecognized command or Invalid argument > received" where \n was an actual CRLF. Have you tried typing "help" at the prompt? Or "?"? Paul Schmehl (paulsat_private) Adjunct Information Security Officer The University of Texas at Dallas AVIEN Founding Member http://www.utdallas.edu/~pauls/ --------------------------------------------------------------------------- Attend Black Hat Briefings & Training Federal, September 29-30 (Training), October 1-2 (Briefings) in Tysons Corner, VA; the world's premier technical IT security event. Modeled after the famous Black Hat event in Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors. Symantec is the Diamond sponsor. Early-bird registration ends September 6.Visit us: www.blackhat.com ----------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Tue Aug 26 2003 - 10:15:29 PDT