[unisog] Port 33

Michael Sconzo msconzo at net.tamu.edu
Tue Jun 3 21:12:37 GMT 2003


If you have access to a Linux box, you might try the tool amap
(application map). It's used via a network connection and it basically
determines what applications are running on a given port, i.e. FTP on
port 80, etc. It works by determining the protocol of the service
running on the port.

-Mike

On Tue, Jun 03, 2003 at 03:56:20PM -0500, Cam Beasley, ISO wrote:
> 
> i've come across a few IRCbots using 33/tcp for
> their serv-u daemon.. the port is likely hack team
> specific..  nothing new though..
> 
> if you like tcpview, try procexp:
> 
> http://www.sysinternals.com/ntw2k/freeware/procexp.shtml
> 
> ~cam.
> 
> Cam Beasley
> Information Security Office
> The University of Texas at Austin
>       
> 
> > -----Original Message-----
> > From: Phil.Rodrigues at uconn.edu [mailto:Phil.Rodrigues at uconn.edu] 
> > Sent: Tuesday, June 03, 2003 15:18
> > To: unisog at sans.org
> > Subject: Re: [unisog] Port 33
> > 
> > 
> > I also like TCP-View.  It's a single .exe and runs well on XP:
> > 
> > http://www.sysinternals.com/ntw2k/source/tcpview.shtml
> > 
> > I hadn't seen Vision yet - thanks for the tip!
> > 
> > Phil
> > 
> > =======================================
> > Philip A. Rodrigues
> > Network Analyst, UITS
> > University of Connecticut
> > 
> > email: phil.rodrigues at uconn.edu
> > phone: 860.486.3743
> > fax: 860.486.6580
> > web: http://www.security.uconn.edu 
> > =======================================
> > 
> > 
> > 
> > 
> > 
> > bukys at cs.rochester.edu
> > 06/03/2003 03:17 PM
> > 
> >  
> >         To:     sbernard at gmu.edu
> >         cc:     bukys at cs.rochester.edu, unisog at sans.org
> >         Subject:        Re: [unisog] Port 33
> > 
> > 
> > If it's a Windows box, use the free FoundStone utilities "fport" 
> > (command-line) or "vision" (GUI) to find out what process is 
> > listening on that port.  On a Unix box, use "lsof" to do the same.
> > 
> > Liudvikas Bukys
> > University of Rochester
> > <bukys at cs.rochester.edu>
> > 
> > in reply to the following:
> > >From: sbernard at gmu.edu
> > >To: unisog at sans.org
> > >Subject: [unisog] Port 33
> > >
> > >I've got a compromised box that is running a service on TCP port 33.  I
> > >can't find anything on from Google, SANS, etc. regarding this port, except
> > >that it's "supposed to be" the Display Support Protocol.  Using telnet to
> > >connect to the port provides the following:
> > >
> > ># telnet a.b.c.d 33
> > >Trying a.b.c.d...
> > >Connected to a.b.c.d.
> > >Escape character is '^]'.
> > >  [Pressed <Enter>]
> > >220 v:0.2
> > >?
> > >500 Not Loged in
> > >^]
> > >telnet> close
> > >Connection closed.
> > >#
> > >
> > >Has anyone else seen this?
> > >
> > >Regards,
> > >
> > >Steve Bernard
> > >Sr. Systems Engineer, NET
> > >George Mason University
> > >Fairfax, Virginia
> > 
> > 
> > 
> > 

-- 

_
_ Michael J. Sconzo
_ Computing & Information Services, Texas A&M University

The New Testament offers the basis for modern computer coding theory,
in the form of an affirmation of the binary number system.
        But let your communication be Yea, yea; nay, nay: for
        whatsoever is more than these cometh of evil.
                -- Matthew 5:37
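
Added example (not part of the original thread, and not amap's code or signature set): a simplified sketch of identifying a service from what it sends rather than from its port number, run over the server lines of the telnet session quoted above. The port table and the function names identify and assess are assumptions made for this illustration; only the 33 -> Display Support Protocol entry comes from the thread.

```python
import re

# Server lines from the telnet session quoted in the thread.
THREAD_SESSION = ["220 v:0.2", "500 Not Loged in"]

# Illustrative port-to-service table (assumption); only 33 -> "dsp"
# (Display Support Protocol) is taken from the thread.
EXPECTED = {21: "ftp", 22: "ssh", 25: "smtp", 33: "dsp", 80: "http"}

# FTP and SMTP share this reply syntax: three digits, then space or hyphen.
REPLY = re.compile(r"^[1-5][0-5]\d(?:[ -].*)?$")


def identify(lines):
    """Guess the protocol from server response lines, ignoring the port."""
    lines = [ln.strip() for ln in lines if ln.strip()]
    if not lines:
        return "unknown"
    if lines[0].startswith("SSH-"):
        return "ssh"
    if re.match(r"^HTTP/\d\.\d \d{3}", lines[0]):
        return "http"
    if not all(REPLY.match(ln) for ln in lines):
        return "unknown"
    text = " ".join(lines).upper()
    if "SMTP" in text:
        return "smtp"
    if "FTP" in text:
        return "ftp"
    # Reply codes alone cannot separate FTP from SMTP.
    return "ftp/smtp"


def assess(port, lines):
    """Compare the detected protocol with the service expected on the port."""
    detected = identify(lines)
    expected = EXPECTED.get(port)
    mismatch = None  # stays None when there is nothing to compare
    if detected != "unknown" and expected is not None:
        mismatch = expected not in detected.split("/")
    return {"port": port, "expected": expected,
            "detected": detected, "mismatch": mismatch}


if __name__ == "__main__":
    print(assess(33, THREAD_SESSION))
    print(assess(80, ["220 example FTP server ready"]))  # constructed banner
```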
