On 11/14/05, Christopher E. Cramer <[EMAIL PROTECTED]> wrote: > > Mike, > > This looks like the output from an FTP server. If I had to guess, I would > say that this looks like someone compromised a machine and installed a > warez ftp server on the identd port. > > -c > > -- > Christopher E. Cramer, Ph.D. > University Information Technology Security Officer > Duke University, Office of Information Technology > 334 Blackwell St., Suite 2106, Durham, NC 27701 > PH: 919-660-7003 FAX: 919-668-2953 CELL: 919-210-0528 >
You're right, it does look like that. I didn't even think that it might be a standard service running on a different port. I don't own these machines, so I don't really want to connect to these servers to find out if it really is ftp. It does seem likely that they are warez servers. Thanks, Mike
