Fake SMTP/FTP Server Detection (possible backdoor)

Critical Nessus Plugin ID 32376


The remote service seems to be a backdoor


Although this service answers with 3 digit ASCII codes like FTP, SMTP or NNTP servers, it sends back different codes when several NOOP commands are sent in a row.

This is probably a backdoor; in this case, your system is compromised and an attacker can control it remotely.


Disinfect or reinstall your operating system.

Plugin Details

Severity: Critical

ID: 32376

File Name: fake_3digits.nasl

Version: Revision: 1.15

Type: remote

Family: Backdoors

Published: 2008/05/19

Updated: 2013/01/25

Dependencies: 14773

Risk Information

Risk Factor: Critical

CVSS v2.0

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

Required KB Items: Settings/ExperimentalScripts