Fake SMTP/FTP Server Detection (possible backdoor)

critical Nessus Plugin ID 32376

Synopsis

The remote service seems to be a backdoor

Description

Although this service answers with 3 digit ASCII codes like FTP, SMTP or NNTP servers, it sends back different codes when several NOOP commands are sent in a row.

This is probably a backdoor; in this case, your system is compromised and an attacker can control it remotely.

Solution

Disinfect or reinstall your operating system.

Plugin Details

Severity: Critical

ID: 32376

File Name: fake_3digits.nasl

Version: Revision: 1.15

Type: remote

Family: Backdoors

Published: 5/19/2008

Updated: 1/25/2013

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

Required KB Items: Settings/ExperimentalScripts