[unisog] Port 33

Phil.Rodrigues at uconn.edu Phil.Rodrigues at uconn.edu
Tue Jun 3 20:18:28 GMT 2003


I also like TCP-View.  Its a single .exe and runs well on  XP:

http://www.sysinternals.com/ntw2k/source/tcpview.shtml

I hadn't seen Vision yet - thanks for the tip!

Phil

=======================================
Philip A. Rodrigues
Network Analyst, UITS
University of Connecticut

email: phil.rodrigues at uconn.edu
phone: 860.486.3743
fax: 860.486.6580
web: http://www.security.uconn.edu
=======================================





bukys at cs.rochester.edu
06/03/2003 03:17 PM

 
        To:     sbernard at gmu.edu
        cc:     bukys at cs.rochester.edu, unisog at sans.org
        Subject:        Re: [unisog] Port 33


If it's a Windows box, use the free FoundStone utilities "fport" 
(command-line) or "vision" (GUI) to find out what process is 
listening on that port.  On a Unix box, use "lsof" to do the same.

Liudvikas Bukys
University of Rochester
<bukys at cs.rochester.edu>

in reply to the following:
>From: sbernard at gmu.edu
>To: unisog at sans.org
>Subject: [unisog] Port 33
>
>I've got a compromised box that is running a service on TCP port 33.  I 
can't find anything on from Google, SANS, etc. regarding this port, except 
that it's "supposed to be" the Display Support Protocol.  Using telnet to 
connect to the port provides the following:
>
># telnet a.b.c.d 33
>Trying a.b.c.d...
>Connected to a.b.c.d.
>Escape character is '^]'.
>  [Pressed <Enter>]
>220 v:0.2
>?
>500 Not Loged in
>^]
>telnet> close
>Connection closed.
>#
>
>Has anyone else seen this?
>
>Regards,
>
>Steve Bernard
>Sr. Systems Engineer, NET
>George Mason University
>Fairfax, Virginia





More information about the unisog mailing list