From: Joshua Vince (joshv@bcgsys.com)
Date: Fri Aug 15 2003 - 16:55:19 EDT
That's SMTP, but w/ the Cisco PIX fixup protocol protecting it.
-----Original Message-----
From: Mark Sayer [mailto:msayer@neocomm.com.au]
Sent: Thursday, August 14, 2003 11:05 PM
To: pen-test@securityfocus.com
Subject: Pls. help identify strange service listening on TCP port 25
Howdy folks -
No - it's not SMTP - at least nothing I have ever seen before. When
connecting to TCP port 25 I get the following banner:
220
***0*******************************************2************************
*200***0********0**0
On subsquent connections, I get slightly different banners:
220
***0*******************************************2************************
*200***2********0**0
or
220
***0*******************************************2************************
*200***2*20*02**0**0
or
220
***0*******************************************2************************
*200***2*20*****0**0
If I enter more than 1 character of text and press ENTER, I get the
error message:
500 web03: unknown command.
If I enter a single character and press ENTER, I get no response and the
service becomes un-responsive to any further interaction.
Looks like FTP return codes - 220 being service ready, and 500 being
command not found - but it doesn't seem to want to talk back to me via
FTP protocol.
I think it's very rude.
It's running on a Win2k server with IIS5 installed.
Any ideas as to what this might be?
Cheers,
Mark.
------------------------------------------------------------------------
--- ------------------------------------------------------------------------ ---- --------------------------------------------------------------------------- ----------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:38 EDT