Re: How to gather information about a open port?
On Thu, 6 Mar 2003 14:44:48 +0100
Qian Gong <q.gong@tue.nl> wrote:
> > As this is not known to me as a standard service, it could be either
> > Dell's monitoring software or a trojan. There's a VB trojan that
> > uses this port.
> >
> > Fiddling with 'telnet host port' can also help in such cases.
>
> After this command, the program just hangs after
>
> Escape character is'^]'.
Of course, you just established a connection to that port at this
moment. It's up to you to type in a command that the service will
respond on. So you have to know or to guess what the protocol looks
like. That's why I called it 'fiddling'. Just to get an impression what
I'm talking about, establish a telnet connection to any webserver (port
80) and then type "HEAD / HTTP/1.0" and the server will return it's
identification, version, etc. or try "GET /" and you will get the start
page of this server in plain text.
Again, there are several trojans that use that specific port e.g.:
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.gapin.html
http://www.simovits.com/trojans/tr_data/y935.html
Google will tell you more! :)
Regards,
Christian
Reply to: