Security Basics mailing list archives
Re: is this real?
From: Eric Brown <ericbrow () ziplip com>
Date: Tue, 16 Mar 2004 09:42:12 -0800 (PST)
Michael,

I've seen this sort of openness with unpatched Cobalt servers from Sun. They're nice in that they allow someone with limited knowledge and experience to set up their own web and mail server, but they're about as secure as Swiss cheese. The first server I ran in production was a Cobalt Raq4. Then I started learning about network security (thanks in large part to this list). Now we've switched to a much more secure setup.

Or it could be a honeypot. It does look suspiciously open, I'll agree with you on that.

Eric
-----Original Message-----
From: Michael Weber [mailto:mweber () hitwin com]
Sent: Tuesday, March 16, 2004, 9:19 AM
To: security-basics () securityfocus com
Subject: is this real?

Hi,

after the weekend I spent a few hours on a journey through my logfiles from the weekend. So I detected one IP which scans us very often and tries to connect to ssh. Not unusual so far... normally I do an nmap run, look at the machine and forget it. But this:

Starting nmap 3.48 ( http://www.insecure.org/nmap/ ) at 2004-03-15 18:30 CET
Interesting ports on xxx.xxx.xxx.xxx:
(The 1007 ports scanned but not shown below are in state: closed)
PORT     STATE    SERVICE       VERSION
21/tcp   open     ftp?
22/tcp   open     ssh           SSH 1.2.33 (protocol 1.5)
23/tcp   open     telnet        Linux telnetd
25/tcp   open     smtp          Sendmail smtpd 8.11.6/8.11.0
53/tcp   open     domain        ISC Bind 8.2.2-P5
79/tcp   open     finger        Linux fingerd
80/tcp   open     http          Apache httpd 1.3.23 ((Unix) PHP/4.1.2)
109/tcp  open     pop-2?
110/tcp  open     pop3
135/tcp  filtered msrpc
139/tcp  filtered netbios-ssn
143/tcp  open     imap?
445/tcp  filtered microsoft-ds
513/tcp  open     login?
514/tcp  open     shell?
587/tcp  open     smtp          Sendmail 8.11.6/8.11.0
707/tcp  filtered unknown

Could THIS be real??? Or is it a honeypot? SSH in a version older than me, telnet online, finger talks to the whole world and so on.... Just a question because I have never seen something... open... in the wild before. Somewhere in Korea...

regards,
Michael
To do is to be. -Socrates
To be is to do. -Sartre
Do be do be do. -Sinatra
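The signals Michael lists (SSH protocol 1, telnet, finger, and the login/shell ports open) can be checked repeatably against a version scan of your own hosts. The following is an added example, not part of the original thread: the sample is a constructed subset of the port table quoted above, and the function names and the list of flagged services are assumptions.

```python
import re

# Constructed sample: a subset of the port table quoted in the message above.
SAMPLE = """\
PORT     STATE    SERVICE  VERSION
21/tcp   open     ftp?
22/tcp   open     ssh      SSH 1.2.33 (protocol 1.5)
23/tcp   open     telnet   Linux telnetd
25/tcp   open     smtp     Sendmail smtpd 8.11.6/8.11.0
79/tcp   open     finger   Linux fingerd
80/tcp   open     http     Apache httpd 1.3.23 ((Unix) PHP/4.1.2)
135/tcp  filtered msrpc
513/tcp  open     login?
514/tcp  open     shell?
"""

# Assumption (not from the thread): services flagged as legacy remote access.
LEGACY = {
    "ftp": "cleartext login",
    "telnet": "cleartext login",
    "login": "rlogin, cleartext session",
    "shell": "rsh, host-based trust",
    "finger": "discloses account information",
}
ROW = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)(?:\s+(.*))?$")

def parse_ports(text):
    """Parse the PORT/STATE/SERVICE/VERSION rows of nmap's normal output."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            port, proto, state, service, version = m.groups()
            rows.append({"port": int(port), "proto": proto, "state": state,
                         "service": service.rstrip("?"),
                         "guessed": service.endswith("?"),  # '?' = nmap unsure
                         "version": version or ""})
    return rows

def findings(rows):
    """Return (port, service, guessed, reason) for open legacy services."""
    out = []
    for r in rows:
        if r["state"] != "open":
            continue  # filtered/closed ports are not reachable services
        reason = LEGACY.get(r["service"])
        if r["service"] == "ssh" and re.search(r"protocol 1\.", r["version"]):
            reason = "SSH protocol 1 enabled"
        if reason:
            out.append((r["port"], r["service"], r["guessed"], reason))
    return out
```

Entries with `guessed` set come from nmap's port-number guess rather than a confirmed banner, so they deserve a manual check before being treated as findings.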