>> This looks like the output from an FTP server. If I had to guess, I would
>> say that this looks like someone compromised a machine and installed a
>> warez ftp server on the identd port.
>>
>
>
>You're right, it does look like that. I didn't even think
> that it might be a standard service running on a different
> port.
>
nmap -sV -p [port] -v is your friend. Nmap service scan will identify the
service (http, ldap, whatever), the server's name (apache, openldap,..) and
version number (to some approximation) very reliably these days. The most
rrecent version of nmap included lots of new service fingerprints; if it's a
custom warez server it may still fingerprint as something recognisable, and if
not, that in itself tells you something.
\a
______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
______________________________________________________________________
