[unisog] Port 33

Phil.Rodrigues at uconn.edu Phil.Rodrigues at uconn.edu
Tue Jun 3 20:18:28 GMT 2003

I also like TCP-View.  It's a single .exe and runs well on XP:


I hadn't seen Vision yet - thanks for the tip!


Philip A. Rodrigues
Network Analyst, UITS
University of Connecticut

email: phil.rodrigues at uconn.edu
phone: 860.486.3743
fax: 860.486.6580
web: http://www.security.uconn.edu

bukys at cs.rochester.edu
06/03/2003 03:17 PM

        To:     sbernard at gmu.edu
        cc:     bukys at cs.rochester.edu, unisog at sans.org
        Subject:        Re: [unisog] Port 33

If it's a Windows box, use the free FoundStone utilities "fport" 
(command-line) or "vision" (GUI) to find out what process is 
listening on that port.  On a Unix box, use "lsof" to do the same.

Liudvikas Bukys
University of Rochester
<bukys at cs.rochester.edu>

in reply to the following:
>From: sbernard at gmu.edu
>To: unisog at sans.org
>Subject: [unisog] Port 33
>I've got a compromised box that is running a service on TCP port 33.  I
>can't find anything from Google, SANS, etc. regarding this port, except
>that it's "supposed to be" the Display Support Protocol.  Using telnet to
>connect to the port provides the following:
># telnet a.b.c.d 33
>Trying a.b.c.d...
>Connected to a.b.c.d.
>Escape character is '^]'.
>  [Pressed <Enter>]
>220 v:0.2
>500 Not Loged in
>telnet> close
>Connection closed.
>Has anyone else seen this?
>Steve Bernard
>Sr. Systems Engineer, NET
>George Mason University
>Fairfax, Virginia
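
The lsof approach suggested above for Unix hosts, as an added example that is not part of the original thread: it parses lsof's machine-readable field output and reports which process owns the listener on a given port. The function names, the process name "updsvc" and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Map listening TCP sockets to owning processes from lsof's field output.
# Works on live output or on a copy saved from the host under investigation.
# Caveat: on a compromised box the local lsof binary or the kernel may have
# been tampered with, so compare the result with what is seen from the network.

# parse_lsof_fields: stdin = output of `lsof -F pcLn`; every line starts with
# a field letter (p=PID, c=command, L=login name, f=fd, n=endpoint).
# Prints PID<TAB>COMMAND<TAB>USER<TAB>ENDPOINT, one line per socket.
parse_lsof_fields() {
    awk '
        /^p/ { pid = substr($0, 2); cmd = "?"; user = "?" }  # new process set
        /^c/ { cmd  = substr($0, 2) }
        /^L/ { user = substr($0, 2) }
        /^n/ { printf "%s\t%s\t%s\t%s\n", pid, cmd, user, substr($0, 2) }
    '
}

# on_port PORT: keep only rows whose endpoint ends in :PORT
# (handles "*:33", "10.0.0.5:33" and IPv6 forms such as "[::]:33").
on_port() {
    case $1 in ''|*[!0-9]*) echo "usage: on_port PORT" >&2; return 2 ;; esac
    awk -F '\t' -v port="$1" '{ n = split($4, a, ":"); if (a[n] == port) print }'
}

# Constructed sample of `lsof -nP -iTCP -sTCP:LISTEN -F pcLn` output.
SAMPLE='p4242
cupdsvc
Lnobody
f3
n*:33
p611
csshd
Lroot
f3
n*:22
f4
n[::]:22
p980
cmysqld
Lmysql
f10
n127.0.0.1:3306'

# Live use: lsof -nP -iTCP -sTCP:LISTEN -F pcLn | parse_lsof_fields | on_port 33
printf '%s\n' "$SAMPLE" | parse_lsof_fields | on_port 33
```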
