Date: Sun, 26 Nov 2000 14:00:03 -0800 From: Kris Kennaway <kris@FreeBSD.ORG> To: Buliwyf McGraw <buliwyf@libertad.univalle.edu.co> Cc: freebsd-security@FreeBSD.ORG Subject: Re: fics Message-ID: <20001126140003.A38904@citusc17.usc.edu> In-Reply-To: <Pine.BSF.4.21.0011261135130.60616-100000@libertad.univalle.edu.co>; from buliwyf@libertad.univalle.edu.co on Sun, Nov 26, 2000 at 11:42:07AM -0500 References: <Pine.BSF.4.21.0011261135130.60616-100000@libertad.univalle.edu.co>
next in thread | previous in thread | raw e-mail | index | archive | help
--2oS5YaxWCcQjTEyO Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sun, Nov 26, 2000 at 11:42:07AM -0500, Buliwyf McGraw wrote: >=20 > Anybody knows about a trojan or something bad called "fics"??? >=20 > I found this in one pc on my intranet: >=20 > Interesting ports on (192.168.20.50): > Port State Protocol Service > 5000 open tcp fics That service name is meaningless; it can be anything listening on that port, fics is just the name of the protocol which is officially allowed to use it. The only reliable way to tell what protocol it is is to jump on the machine itself and look at the processes with a lsof-like tool. I don't know of any of these for Windows. Kris --2oS5YaxWCcQjTEyO Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjohh+MACgkQWry0BWjoQKVz+QCgoMyhm+z2lGZPckSBXUhVs0Fq 1YcAoL1TVRu27hrWVRI4J+gj4ymdn5D1 =u9l4 -----END PGP SIGNATURE----- --2oS5YaxWCcQjTEyO-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20001126140003.A38904>