Weird non-http port 80 daemon?

From: Dani Wuck (wuck_at_chello.nl)
Date: 01/07/04

    Date: Wed, 07 Jan 2004 18:44:06 +0100
    To: security-basics@securityfocus.com
    
    

    G'day. My first post here, and I truly hope I've come to the right place.

    I've been scanning a box, and it's - lightly taken - set up very
    insecurely. Many open ports, etc. One thing I find strange is the
    following: The box is open on port 80. But if you telnet into it, it
    doesn't act anything like an HTTP daemon.

    #1. If you connect to it, it waits for remote input.
    #2. It accepts a certain number of chars before it closes the connection.
    #3. If you immediately send the max. number of chars, (or more) the
    connection is closed at once.
    #4. You can send an 'a' five times, and then get disconnected.
    #5. If you send 'abc', you'll get disconnected after < 5 times
    (usually 3 or 2)
    #6. Every time you send something, (except doing #3) it returns some
    ASCII that seems to be different every time. (even if you keep sending
    the same)

    So .. what do you think I'm looking at? A trojan or something?
    Guessing on its open ports I believe it's a WinME OEM, Win2000 or
    (probably) WinXP box. (UPNP enabled)

    I'm eager to notify its user, but I first really want to know what that
    port 80 daemon is :)

      - wuck
