Oneill, posted August 19, 2007

Hi everyone. First post here! I would like to share with you all this interesting message I got when I tried telnetting to my port 9090 (zeus admin):

"This is not a rootkit or other backdoor, it's a BitTorrent client. Really. Why should you be worried, can't you read this reassuring message? Now just listen to this social engi, er, I mean, completely truthful statement, and go about your business. Your box is safe and completely impregnable, the marketing hype for your OS even says so. You can believe everything you read. Now move along, nothing to see here.
Connection closed by foreign host."

Gives me that feeling that there is something else behind that, but I haven't found it yet xD Give me your opinion and comments about it.

"Thanks You Come Again!" 8-)

Sparda, posted August 19, 2007

'My port' being what? A computer, a router, a printer?

Oneill, posted August 19, 2007

Oh, yeah, my port = my other computer on the network (desktop Windows box).

lunex, posted August 19, 2007

Log into that computer and open the command prompt. Type this into the command prompt:

    netstat -ao

That should give you a list of all active connections and listening ports, and the PID of the process that owns the port. Look for the suspicious port and the PID associated with it. You can then use taskman or some other application that can list active processes to find more info about that process, such as the process name. Then, you still have to figure out whether the process is malicious. I can't help you there without more information.

Oneill, posted August 19, 2007

Errrr, I kinda got it wrong: it's not a Windows box, it's actually my brother's MacBook Pro (mixed up the IPs). So I won't be able to do netstat -ao because Mac OS netstat doesn't have such options. I wonder what the heck Zeus Admin is. The port is 9090 as I said, it's TCP and the service is zeus-admin. Here's the nmap result:

    PORT      STATE  SERVICE
    427/tcp   open   svrloc       (not sure about this either)
    548/tcp   open   afpovertcp   (this is Mac OS X File Share)
    9090/tcp  open   zeus-admin   (dunno what this is)

Sparda, posted August 19, 2007

    netstat -p -n

Oneill, posted August 20, 2007

Doesn't look harmful, but I still like the telnet message. Same for http://(IP):9090/, same message.

cooper, posted August 20, 2007

> Doesn't look harmful, but I still like the telnet message. Same for http://(IP):9090/, same message.

The message is the same because you're still accessing the same program. The message is probably the default response to unknown traffic. Check out this: http://transmission.m0k.org/trac/browser/t...ion/peerparse.h and start reading at line 545. This is from some torrent client and/or server by the looks of it.

Oneill, posted August 21, 2007

Yeah, I found that when I was searching around. Funny :-D Thanks for the replies!

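
For the MacBook case in this thread, where `netstat -ao` is not available, one way to map a listening port such as 9090 to its owning process is to parse the field output of `lsof`. This is an added example, not code from any poster: the sample output, process names and user name are constructed, and the function names are hypothetical.

```python
import subprocess

# Constructed sample of `lsof -nP -iTCP -sTCP:LISTEN -F pcLn` output (not from the thread).
SAMPLE = """\
p201
cAppleFileServer
Lroot
f9
n*:548
p312
cTransmission
Lbrother
f14
n*:9090
f15
n[::1]:51413
"""

def parse_listeners(text):
    """Parse lsof -F output into a list of {pid, command, user, port} dicts."""
    listeners, proc = [], None
    for line in text.splitlines():
        tag, value = line[:1], line[1:]
        if tag == "p":                    # 'p' starts a new process set
            proc = {"pid": int(value), "command": "?", "user": "?"}
        elif proc is None:                # ignore anything before the first process
            continue
        elif tag == "c":
            proc["command"] = value
        elif tag == "L":
            proc["user"] = value
        elif tag == "n":                  # socket name, e.g. *:9090 or [::1]:51413
            port = value.rsplit(":", 1)[-1]
            if port.isdigit():
                listeners.append({**proc, "port": int(port)})
    return listeners

def owners_of(port, text):
    """Return (pid, command, user) for every process listening on `port`."""
    return [(l["pid"], l["command"], l["user"])
            for l in parse_listeners(text) if l["port"] == port]

def live_lsof():
    """Run lsof locally; without sudo it only shows the current user's sockets."""
    return subprocess.run(["lsof", "-nP", "-iTCP", "-sTCP:LISTEN", "-F", "pcLn"],
                          capture_output=True, text=True).stdout

if __name__ == "__main__":
    for pid, command, user in owners_of(9090, SAMPLE):
        print(f"9090/tcp is held by PID {pid} ({command}), user {user}")
```

To check a real machine, pass `live_lsof()` instead of `SAMPLE`; the PID and command name are then the starting point for deciding whether the listener is expected.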