[unisog] Port 33

bukys at cs.rochester.edu bukys at cs.rochester.edu
Tue Jun 3 19:17:29 GMT 2003

If it's a Windows box, use the free FoundStone utilities "fport" 
(command-line) or "vision" (GUI) to find out what process is 
listening on that port.  On a Unix box, use "lsof" to do the same.

Liudvikas Bukys
University of Rochester
<bukys at cs.rochester.edu>

in reply to the following:
>From: sbernard at gmu.edu
>To: unisog at sans.org
>Subject: [unisog] Port 33
>I've got a compromised box that is running a service on TCP port 33.  I can't find anything on from Google, SANS, etc. regarding this port, except that it's "supposed to be" the Display Support Protocol.  Using telnet to connect to the port provides the following:
># telnet a.b.c.d 33
>Trying a.b.c.d...
>Connected to a.b.c.d.
>Escape character is '^]'.
>  [Pressed <Enter>]
>220 v:0.2
>500 Not Loged in
>telnet> close
>Connection closed.
>Has anyone else seen this?
>Steve Bernard
>Sr. Systems Engineer, NET
>George Mason University
>Fairfax, Virginia

More information about the unisog mailing list