is this real?

From: Michael Weber (mweber_at_hitwin.com)
Date: 03/15/04

    Date: Mon, 15 Mar 2004 18:48:38 +0100
    To: security-basics@securityfocus.com
    
    

    Hi,

    After the weekend I spent a few hours on a journey through my logfiles
    from the weekend. So I detected one IP which scans us very often and tries
    to connect to ssh. Not unusual so far... normally I do an nmap run, look at
    the machine and forget it.

    But this:

    Starting nmap 3.48 ( http://www.insecure.org/nmap/ ) at 2004-03-15 18:30 CET
    Interesting ports on xxx.xxx.xxx.xxx:
    (The 1007 ports scanned but not shown below are in state: closed)
    PORT STATE SERVICE VERSION
    21/tcp open ftp?
    22/tcp open ssh SSH 1.2.33 (protocol 1.5)
    23/tcp open telnet Linux telnetd
    25/tcp open smtp Sendmail smtpd 8.11.6/8.11.0
    53/tcp open domain ISC Bind 8.2.2-P5
    79/tcp open finger Linux fingerd
    80/tcp open http Apache httpd 1.3.23 ((Unix) PHP/4.1.2)
    109/tcp open pop-2?
    110/tcp open pop3
    135/tcp filtered msrpc
    139/tcp filtered netbios-ssn
    143/tcp open imap?
    445/tcp filtered microsoft-ds
    513/tcp open login?
    514/tcp open shell?
    587/tcp open smtp Sendmail 8.11.6/8.11.0
    707/tcp filtered unknown

    Could THIS be real??? Or is it a honeypot? SSH in a version older than
    me, telnet online, finger talks to the whole world and so on.... Just a
    question because I have never seen something... open... in the wild
    before. Somewhere in Korea...

    regards,
    Michael
