Home page logo
/

basics logo Security Basics mailing list archives

is this real?
From: Michael Weber <mweber () hitwin com>
Date: Mon, 15 Mar 2004 18:48:38 +0100

Hi,

after the weekend i spend a few hours for a journey trough my logfiles from the weekend. So i detect one IP which scan us very often and try to connect to ssh. Not unusual so far... normally i do an nmap run, look on the machine and forget it.

But This:

Starting nmap 3.48 ( http://www.insecure.org/nmap/ ) at 2004-03-15 18:30 CET
Interesting ports on xxx.xxx.xxx.xxx:
(The 1007 ports scanned but not shown below are in state: closed)
PORT    STATE    SERVICE      VERSION
21/tcp  open     ftp?
22/tcp  open     ssh          SSH 1.2.33 (protocol 1.5)
23/tcp  open     telnet       Linux telnetd
25/tcp  open     smtp         Sendmail smtpd 8.11.6/8.11.0
53/tcp  open     domain       ISC Bind 8.2.2-P5
79/tcp  open     finger       Linux fingerd
80/tcp  open     http         Apache httpd 1.3.23 ((Unix) PHP/4.1.2)
109/tcp open     pop-2?
110/tcp open     pop3
135/tcp filtered msrpc
139/tcp filtered netbios-ssn
143/tcp open     imap?
445/tcp filtered microsoft-ds
513/tcp open     login?
514/tcp open     shell?
587/tcp open     smtp         Sendmail 8.11.6/8.11.0
707/tcp filtered unknown

Could THIS be real??? Or is it a honeypot? SSH in a version older than me, telnet online, finger talks to the whole world and so on.... just a question because i have never seen somewhat... open... in the wild before. Somewhere in Korea...

regards,
Michael



---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault