telent to port 21

[ark_templar]

hey yea will do
sry i couldnt reply eariler its really late here I'll post it as soon as I can thanks man

[ark_templar]

hey yea will do
sry i couldnt reply eariler its really late here I'll post it as soon as I can thanks man

[ark_templar]

well I cant edit the above post so I'll have to make a double post my apologies for that and for the delay in replying. Univ. was kinda hectic this week we are kicking off our tech-fest and our profs decieded we needed to submit all assignments this week itself.

Here are the screen shots as asked I'm still puzzelled as to why is there a difference between the response to telneting to 21 and other ports .. any help would be welcome.

and once again thanks for hepling so far

[HTRegz]

Hey Hey,

You need to run netstat -an (need to see listening connections)..


fport and PortQry2 results would also be nice... you can google for either of them and download them easily enough... especially PortQry2

Peace
HT

[ark_templar]

ok heres the screenshot for both fport and for netstat -an

i couldnt find portqry2 ...

[HTRegz]

Hey Hey,

I don't see port 21 listening on your computer... I'm really not sure what you're doing.. is it still open now??? Have you considered port scanning yourself.. to see exactly what is open..

You can grab superscan from here http://www.foundstone.com/index.htm?...superscan4.htm

Peace,
HT

[ark_templar]

hey it seems i havent been able to ask my Q properly or somthing cause I know that the port is locked tight as possible (norton and all take care of that) what I was asking was why when i telnet to the port 21 it gives me a different response than when i telnet to the http port or any other port when they are all locked down.

thats what i was trying to say any way

I forgot to mention that no server is running what I want to know is why doesnt it give my the same response for the ftp port as it did for the others. All ports are closed i had first telneted to port 80 that gave the error message and later to port 21. The computer isnt mine but my roommates I had asked him to close both ports and no server was running i checked myself.

and why does this difference arise only within the ftp port and the others and not for eg. port 79 and port 80 or port 35 and port 80 ..

the computer Im telnetting to is my roommates and the one I'm telneting from is mine.

[HTRegz]

Hey Hey,

If you're attempting to connect to your roommate queries, then all the images you gave me would have to come from your roommates computer... netstat run on it.. fport run on it.. etc.

Peace,
HT

[ark_templar]

they are from my roommates computer

[sec_ware]

Hi


Let me summarise:

The PC 10.100.98.45 seems to have something listening
on port 21 - if you telnet to it, you get an empty
window, the prompt is blinking, waiting for input.
Telnet to a web-server on Port 80 - you will see the
same behaviour.

Netstat does not show anything listening on port 21.
Is that version of netstat trustworthy? Therefore,
let's try another, external one:

fport. Again, fport does not indicate that anything is
listening on port 21.



It would be interesting to perform a nmap-scan[1]

Code:

>nmap -sS -sV -F 10.100.98.45

from your computer - maybe there are some hints?


I once had a machine like this - I re-initiated the
original ghost file (although it would have been interesting
to isolate the listening process/program/rootkit, but I had
no time). The reason for this is that it might be a
kernel-mode rootkit[2]. Your friend has installed
PeerWeb DC++? File sharing? What else did he install?
Is the machine "clean"? I assume - not.



Cheers

[1] http://www.insecure.org/nmap/download.html
[2] http://www.sysinternals.com/Utilitie...tRevealer.html