Pastimes : Internet Security/Privacy Issues and Solutions

To: Greg from Edmonton who wrote (107)1/3/2001 11:55:02 PM
From: Greg from Edmonton  Read Replies (1) of 210
 
Yep, me thinks this box is pretty much rooted...
Notice the TCP banners at the bottom of the scan.
Two different versions of SSH,
and one of them is on a high port (7474).
Doesn't look too good...

It bothers me a bit that I couldn't seem to find any
information about the "Xtreme" trojan horse, other than
that it is typically found on ports 1019 or 1090.
Anybody else have any suggestions where else I might look?
I've been almost everywhere I know already (various search
engines, cert.org, securityfocus.com, etc. etc.).
Information about "Xtreme" seems to be quite obscure,
compared with Windows-based trojans like NetBus or
BackOrifice which have lots of info about them.
Nmap's best guess reports that the host system seems to be
running Linux kernel 2.2 or thereabouts.

D:\>fscan -bvpr 21,22,80,1019,1090,4675,7474 111.222.99.64 -d 100
FScan v1.12 - Command line port scanner.
Copyright 2000 (c) by Foundstone, Inc.
foundstone.com

Adding TCP port 21
Adding TCP port 22
Adding TCP port 80
Adding TCP port 1019
Adding TCP port 1090
Adding TCP port 4675
Adding TCP port 7474
Adding IP 111.222.99.64
Using 64 threads.
Connect timeout set to 600 ms.
Ping timeout set to 500 ms.
Scan delay set to 100 ms.
Banner grabbing enabled.

Scan started at Wed Jan 03 21:31:22 2001

Scanning TCP ports on 111.222.99.64
111.222.99.64 21/tcp
220 nightcrawler.breached.com FTP server (Version wu-2.6.0(1) Mon Feb 28
10:30:36 EST 2000) ready.[0D][0A]
111.222.99.64 22/tcp
SSH-1.99-OpenSSH_2.2.0p1[0A]
111.222.99.64 7474/tcp
SSH-1.5-1.2.27[0A]
111.222.99.64 80/tcp
111.222.99.64 1019/tcp

Scan finished at Wed Jan 03 21:31:24 2001
Time taken: 7 ports in 1.531 secs (4.57 ports/sec)
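The post's reasoning (two SSH banners with different software versions, one of them on a high port, and an open port with no banner on a port the author associates with the "Xtreme" trojan) is the kind of check that is easy to automate over scan output. The following is an added example, not code from the post or from Foundstone's FScan: a small parser for the FScan 1.12 banner-grab format shown above, followed by a rule set that flags those three indicators. The scan text is copied from the post; the port list 1019/1090 is taken only from what the author states and is labelled as such in the code.

```python
import re

# Scan output as posted above (FScan v1.12 with -b banner grabbing).
# "[0D][0A]" is FScan's rendering of the CR/LF bytes at the end of a banner.
SCAN_OUTPUT = """\
Scanning TCP ports on 111.222.99.64
111.222.99.64 21/tcp
220 nightcrawler.breached.com FTP server (Version wu-2.6.0(1) Mon Feb 28
10:30:36 EST 2000) ready.[0D][0A]
111.222.99.64 22/tcp
SSH-1.99-OpenSSH_2.2.0p1[0A]
111.222.99.64 7474/tcp
SSH-1.5-1.2.27[0A]
111.222.99.64 80/tcp
111.222.99.64 1019/tcp

Scan finished at Wed Jan 03 21:31:24 2001
"""

PORT_LINE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})\s+(\d+)/tcp\s*$")
SSH_BANNER = re.compile(r"^SSH-(\d+\.\d+)-(\S+)")      # SSH-<proto>-<software>
CTRL_MARK = re.compile(r"\[[0-9A-F]{2}\]")              # [0D], [0A], ...

# Ports the post associates with "Xtreme"; taken from the author's statement,
# not verified independently here (assumption of this example).
SUSPECT_PORTS = {1019, 1090}


def parse_fscan(text):
    """Return {port: banner} for the FScan -b output of a single host.

    A banner is every line after a 'host port/tcp' line up to the next port
    line or a blank line; wrapped banner lines are joined with one space and
    the [xx] control-byte markers are stripped.  Ports with no banner map to "".
    """
    banners = {}
    current = None
    for raw in text.splitlines():
        line = raw.rstrip()
        m = PORT_LINE.match(line)
        if m:
            current = int(m.group(2))
            banners[current] = ""
            continue
        if not line:
            current = None          # blank line ends the per-port section
            continue
        if current is None:
            continue                # header/footer lines ("Scanning ...", "Scan finished ...")
        cleaned = CTRL_MARK.sub("", line).strip()
        banners[current] = (banners[current] + " " + cleaned).strip()
    return banners


def find_indicators(banners):
    """Apply the post's three observations as rules and return a list of findings.

    Rules: an SSH daemon answering on a port other than 22; more than one
    distinct SSH implementation on the same host; an open port on the suspect
    list that returned no banner at all.
    """
    findings = []
    ssh = {}                                    # port -> (protocol, software)
    for port, banner in banners.items():
        m = SSH_BANNER.match(banner)
        if m:
            ssh[port] = (m.group(1), m.group(2))

    for port in sorted(ssh):
        if port != 22:
            findings.append(f"ssh-nonstandard-port:{port}:{ssh[port][1]}")

    versions = [ssh[p][1] for p in sorted(ssh)]
    if len(set(versions)) > 1:
        findings.append("multiple-ssh-implementations:" + ",".join(versions))

    for port in sorted(banners.keys() & SUSPECT_PORTS):
        if not banners[port]:
            findings.append(f"silent-open-suspect-port:{port}")
    return findings


def analyze(text):
    """Parse one FScan report and return its indicator list."""
    return find_indicators(parse_fscan(text))


if __name__ == "__main__":
    for finding in analyze(SCAN_OUTPUT):
        print(finding)
```

Run as-is it reports the 1.2.27 daemon on 7474, the two different SSH implementations, and the silent open port 1019; the same two functions can be pointed at any other FScan `-b` run. The "silent port" rule deliberately treats no banner as a finding only for ports already on the suspect list, since a banner-less port 80 (as here) is ordinary.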