Pls. help identify strange service listening on TCP port 25

From: Mark Sayer (msayer_at_neocomm.com.au)
Date: 08/15/03

  • Next message: Esler, Joel Contractor: "RE: Infrared Vulns on laptops" 
    To: <pen-test@securityfocus.com>
Date: Fri, 15 Aug 2003 13:05:22 +1000

    Howdy folks -

    No - it's not SMTP - at least nothing I have ever seen before. When
    connecting to TCP port 25 I get the following banner:

    220
    ***0*******************************************2************************
    *200***0********0**0

    On subsquent connections, I get slightly different banners:

    220
    ***0*******************************************2************************
    *200***2********0**0

    or

    220
    ***0*******************************************2************************
    *200***2*20*02**0**0

    or

    220
    ***0*******************************************2************************
    *200***2*20*****0**0

    If I enter more than 1 character of text and press ENTER, I get the
    error message:

    500 web03: unknown command.

    If I enter a single character and press ENTER, I get no response and the
    service becomes un-responsive to any further interaction.

    Looks like FTP return codes - 220 being service ready, and 500 being
    command not found - but it doesn't seem to want to talk back to me via
    FTP protocol.

    I think it's very rude.

    It's running on a Win2k server with IIS5 installed.

    Any ideas as to what this might be?

    Cheers,

    Mark.

    ---------------------------------------------------------------------------
    ----------------------------------------------------------------------------

  • Next message: Esler, Joel Contractor: "RE: Infrared Vulns on laptops"