Date: Sun, 26 Nov 2000 14:00:03 -0800 From: Kris Kennaway <kris@FreeBSD.ORG> To: Buliwyf McGraw <buliwyf@libertad.univalle.edu.co> Cc: freebsd-security@FreeBSD.ORG Subject: Re: fics Message-ID: <20001126140003.A38904@citusc17.usc.edu> In-Reply-To: <Pine.BSF.4.21.0011261135130.60616-100000@libertad.univalle.edu.co>; from buliwyf@libertad.univalle.edu.co on Sun, Nov 26, 2000 at 11:42:07AM -0500 References: <Pine.BSF.4.21.0011261135130.60616-100000@libertad.univalle.edu.co>
index | next in thread | previous in thread | raw e-mail
[-- Attachment #1 --] On Sun, Nov 26, 2000 at 11:42:07AM -0500, Buliwyf McGraw wrote: > > Anybody knows about a trojan or something bad called "fics"??? > > I found this in one pc on my intranet: > > Interesting ports on (192.168.20.50): > Port State Protocol Service > 5000 open tcp fics That service name is meaningless; it can be anything listening on that port, fics is just the name of the protocol which is officially allowed to use it. The only reliable way to tell what protocol it is is to jump on the machine itself and look at the processes with a lsof-like tool. I don't know of any of these for Windows. Kris [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjohh+MACgkQWry0BWjoQKVz+QCgoMyhm+z2lGZPckSBXUhVs0Fq 1YcAoL1TVRu27hrWVRI4J+gj4ymdn5D1 =u9l4 -----END PGP SIGNATURE-----help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20001126140003.A38904>