RE: Pls. help identify strange service listening on TCP port 25

From: Joshua Vince (joshv_at_bcgsys.com)
Date: 08/15/03

    Date: Fri, 15 Aug 2003 16:55:19 -0400
    To: "Mark Sayer" <msayer@neocomm.com.au>, <pen-test@securityfocus.com>
    
    

    That's SMTP, but w/ the Cisco PIX fixup protocol protecting it.

    -----Original Message-----
    From: Mark Sayer [mailto:msayer@neocomm.com.au]
    Sent: Thursday, August 14, 2003 11:05 PM
    To: pen-test@securityfocus.com
    Subject: Pls. help identify strange service listening on TCP port 25

    Howdy folks -

    No - it's not SMTP - at least nothing I have ever seen before. When
    connecting to TCP port 25 I get the following banner:

    220
    ***0*******************************************2************************
    *200***0********0**0

    On subsequent connections, I get slightly different banners:

    220
    ***0*******************************************2************************
    *200***2********0**0

    or

    220
    ***0*******************************************2************************
    *200***2*20*02**0**0

    or

    220
    ***0*******************************************2************************
    *200***2*20*****0**0

    If I enter more than 1 character of text and press ENTER, I get the
    error message:

    500 web03: unknown command.

    If I enter a single character and press ENTER, I get no response and the
    service becomes un-responsive to any further interaction.

    Looks like FTP return codes - 220 being service ready, and 500 being
    command not found - but it doesn't seem to want to talk back to me via
    FTP protocol.

    I think it's very rude.

    It's running on a Win2k server with IIS5 installed.

    Any ideas as to what this might be?

    Cheers,

    Mark.

    ------------------------------------------------------------------------
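
The banners quoted in this thread can be checked mechanically. The following is an added example, not part of either poster's message: it flags a 220 greeting whose text is mostly asterisks with only the characters 0 and 2 left (the pattern visible in the banners above, which the reply attributes to the Cisco PIX fixup protocol) and lists which offsets change between connections. The function names and the plain banner are constructed for illustration.

```python
import re

# Only these characters appear in the thread's masked banners (assumption from this page).
MASK_ALPHABET = set("*02")

HEAD = "***0*******************************************2************************"
PAGE_BANNERS = [  # the thread's four banners, mail-client line wraps kept
    "220\n" + HEAD + "\n*200***0********0**0",
    "220\n" + HEAD + "\n*200***2********0**0",
    "220\n" + HEAD + "\n*200***2*20*02**0**0",
    "220\n" + HEAD + "\n*200***2*20*****0**0",
]
PLAIN_BANNER = "220 mail.example.test ESMTP ready"  # constructed sample


def split_reply(banner):
    """Return (code, text) with wrap whitespace removed from text, or None."""
    m = re.match(r"(\d{3})[\s-]*(.*)", banner.strip(), re.DOTALL)
    if not m:
        return None
    return m.group(1), "".join(m.group(2).split())


def classify(banner):
    """Label a greeting: 'masked', 'plain', 'not-220' or 'no-reply-code'."""
    parsed = split_reply(banner)
    if parsed is None:
        return "no-reply-code"
    code, text = parsed
    if code != "220":
        return "not-220"
    mostly_stars = bool(text) and text.count("*") * 2 >= len(text)
    if mostly_stars and set(text) <= MASK_ALPHABET:
        return "masked"
    return "plain"


def varying_positions(banners):
    """Offsets in the masked text that differ between connections."""
    texts = [split_reply(b)[1] for b in banners]
    if len({len(t) for t in texts}) != 1:
        raise ValueError("banners differ in length; compare manually")
    return [i for i, col in enumerate(zip(*texts)) if len(set(col)) > 1]


if __name__ == "__main__":
    for b in PAGE_BANNERS + [PLAIN_BANNER, "500 web03: unknown command."]:
        print(classify(b), repr(b[:30]))
    print("varying offsets:", varying_positions(PAGE_BANNERS))
```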
