RE: Pls. help identify strange service listening on TCP port 25

From: Joshua Vince (joshvat_private)
Date: Fri Aug 15 2003 - 13:55:19 PDT


    That's SMTP, but w/ the Cisco PIX fixup protocol protecting it.
    
    
    
    -----Original Message-----
    From: Mark Sayer [mailto:msayerat_private] 
    Sent: Thursday, August 14, 2003 11:05 PM
    To: pen-testat_private
    Subject: Pls. help identify strange service listening on TCP port 25
    
    
    Howdy folks - 
    
    No - it's not SMTP - at least nothing I have ever seen before. When
    connecting to TCP port 25 I get the following banner:
    
    220
    ***0*******************************************2************************
    *200***0********0**0
    
    On subsequent connections, I get slightly different banners:
    
    220
    ***0*******************************************2************************
    *200***2********0**0
    
    or
    
    220
    ***0*******************************************2************************
    *200***2*20*02**0**0
    
    or
    
    220
    ***0*******************************************2************************
    *200***2*20*****0**0
    
    If I enter more than 1 character of text and press ENTER, I get the
    error message:
    
    500 web03: unknown command.
    
    If I enter a single character and press ENTER, I get no response and the
    service becomes un-responsive to any further interaction.
    
    Looks like FTP return codes - 220 being service ready, and 500 being
    command not found - but it doesn't seem to want to talk back to me via
    FTP protocol.
    
    I think it's very rude. 
    
    It's running on a Win2k server with IIS5 installed. 
    
    Any ideas as to what this might be?
    
    Cheers,
    
    Mark.
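
An added example, not part of the original messages: a small Python model of the banner masking described in the reply, plus a check that flags a 220 greeting as PIX-masked SMTP. It assumes the fixup keeps the reply code and the characters `2` and `0` and stars out everything else, which matches the banners quoted above; the function names and the sample banners (hostname `web03` taken from the 500 error, version string and timestamps invented) are constructed for illustration.

```python
import re

KEEP = set("20")  # assumption: the only characters the fixup leaves readable

def pix_mask(banner: str) -> str:
    """Model the masking: keep the 3-digit reply code, star out the rest."""
    code, _, text = banner.partition(" ")
    return code + " " + "".join(c if c in KEEP else "*" for c in text)

# A masked greeting is "220" followed only by '*', '0' and '2'.
MASKED = re.compile(r"^220[ -]?[*02]+$")

def looks_pix_masked(banner: str, min_star_ratio: float = 0.5) -> bool:
    """True when a 220 greeting consists of asterisks plus stray 0/2 digits."""
    line = banner.strip()
    if not MASKED.match(line):
        return False
    text = line[3:].lstrip(" -")
    # Require mostly asterisks so a short numeric-only reply is not flagged.
    return text.count("*") / len(text) >= min_star_ratio

# Constructed greetings: same server, two connections a few seconds apart.
REAL_BANNERS = [
    "220 web03 Microsoft ESMTP MAIL Service, Version: 5.0.2195.5329 "
    "ready at Fri, 15 Aug 2003 13:20:02 -0700",
    "220 web03 Microsoft ESMTP MAIL Service, Version: 5.0.2195.5329 "
    "ready at Fri, 15 Aug 2003 13:20:45 -0700",
]

if __name__ == "__main__":
    for real in REAL_BANNERS:
        masked = pix_mask(real)
        print(masked, "-> PIX-masked SMTP:", looks_pix_masked(masked))
```

Under this model the two masked greetings differ only where the timestamp's `0` and `2` digits move, which is one plausible reason the banner in the original message changes slightly between connections.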
    
    
    



    This archive was generated by hypermail 2b30 : Fri Aug 15 2003 - 15:25:37 PDT