Date: Sun, 26 Nov 2000 14:00:03 -0800
From: Kris Kennaway
To: Buliwyf McGraw
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: fics
Message-ID: <20001126140003.A38904@citusc17.usc.edu>

On Sun, Nov 26, 2000 at 11:42:07AM -0500, Buliwyf McGraw wrote:
>
> Anybody knows about a trojan or something bad called "fics"???
>
> I found this in one pc on my intranet:
>
> Interesting ports on (192.168.20.50):
> Port    State    Protocol    Service
> 5000    open     tcp         fics

That service name is meaningless; it can be anything listening on that
port, fics is just the name of the protocol which is officially
allowed to use it. The only reliable way to tell what protocol it is
is to jump on the machine itself and look at the processes with a
lsof-like tool. I don't know of any of these for Windows.

Kris
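
Added example, not part of the original message: a sketch of what an lsof-like lookup does, contrasted with the static port-to-name table behind a scanner's "Service" column. It assumes a Linux host with procfs (the machine in the thread runs Windows); the name table, the sample data and all function names are constructed for illustration.

```python
import os

# Static port -> name table, the only thing a scanner's "Service" column consults.
# Constructed excerpt; 5000 -> fics is the label shown in the scan above.
SERVICE_NAMES = {22: "ssh", 5000: "fics"}

# Constructed sample in Linux /proc/net/tcp format (state 0A = LISTEN).
SAMPLE_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:1388 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 34567 1
   1: 0100007F:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12345 1
   2: 3214A8C0:1388 0A14A8C0:C350 01 00000000:00000000 00:00000000 00000000  1000        0 34999 1
"""
# Constructed fd table: pid -> (command name, targets of /proc/<pid>/fd/* links).
SAMPLE_FDS = {812: ("sshd", ["socket:[12345]"]),
              4410: ("python3", ["/dev/null", "socket:[34567]", "socket:[34999]"])}

def listening_inodes(tcp_text):
    """Map each LISTEN port to the inode of its socket."""
    out = {}
    for line in tcp_text.splitlines()[1:]:  # skip the column header
        f = line.split()
        if len(f) >= 10 and f[3] == "0A":
            out[int(f[1].rsplit(":", 1)[1], 16)] = int(f[9])
    return out

def live_fd_table():
    """Build the same pid -> (comm, links) table from a running Linux /proc."""
    table = {}
    for pid in filter(str.isdigit, os.listdir("/proc")):
        try:
            with open(f"/proc/{pid}/comm") as fh:
                comm = fh.read().strip()
            fd_dir = f"/proc/{pid}/fd"
            links = [os.readlink(os.path.join(fd_dir, fd)) for fd in os.listdir(fd_dir)]
        except OSError:  # process exited, or not ours to inspect without root
            continue
        table[int(pid)] = (comm, links)
    return table

def identify(port, tcp_text, fd_table):
    """Return (scanner_label, [(pid, comm), ...] actually holding the listener)."""
    inode = listening_inodes(tcp_text).get(port)
    target = f"socket:[{inode}]"
    owners = sorted((pid, comm) for pid, (comm, links) in fd_table.items()
                    if inode is not None and target in links)
    return SERVICE_NAMES.get(port, "unknown"), owners

if __name__ == "__main__":
    print(identify(5000, SAMPLE_TCP, SAMPLE_FDS))
```

On a live Linux host, pass `open("/proc/net/tcp").read()` and `live_fd_table()` (run as root to see other users' processes) in place of the sample data.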