Security Basics mailing list archives
Re: is this real?
From: Security Zone <seczone () i-nfinity com>
Date: Tue, 16 Mar 2004 19:34:22 +0100
Try and update nmap to current version (should be 3.50). Regards ALF On Mon, 2004-03-15 at 18:48, Michael Weber wrote:
Hi, after the weekend i spend a few hours for a journey trough my logfiles from the weekend. So i detect one IP which scan us very often and try to connect to ssh. Not unusual so far... normally i do an nmap run, look on the machine and forget it. But This: Starting nmap 3.48 ( http://www.insecure.org/nmap/ ) at 2004-03-15 18:30 CET Interesting ports on xxx.xxx.xxx.xxx: (The 1007 ports scanned but not shown below are in state: closed) PORT STATE SERVICE VERSION 21/tcp open ftp? 22/tcp open ssh SSH 1.2.33 (protocol 1.5) 23/tcp open telnet Linux telnetd 25/tcp open smtp Sendmail smtpd 8.11.6/8.11.0 53/tcp open domain ISC Bind 8.2.2-P5 79/tcp open finger Linux fingerd 80/tcp open http Apache httpd 1.3.23 ((Unix) PHP/4.1.2) 109/tcp open pop-2? 110/tcp open pop3 135/tcp filtered msrpc 139/tcp filtered netbios-ssn 143/tcp open imap? 445/tcp filtered microsoft-ds 513/tcp open login? 514/tcp open shell? 587/tcp open smtp Sendmail 8.11.6/8.11.0 707/tcp filtered unknown Could THIS be real??? Or is it a honeypot? SSH in a version older than me, telnet online, finger talks to the whole world and so on.... just a question because i have never seen somewhat... open... in the wild before. Somewhere in Korea... regards, Michael --------------------------------------------------------------------------- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ----------------------------------------------------------------------------
--------------------------------------------------------------------------- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ----------------------------------------------------------------------------
Current thread:
- is this real? Michael Weber (Mar 16)
- Re: is this real? Niek (Mar 17)
- Re: is this real? James Turnbull (Mar 18)
- Re: is this real? Security Zone (Mar 17)
- RE: is this real? Aditya, ALD [Aditya Lalit Deshmukh] (Mar 18)
- <Possible follow-ups>
- Re: is this real? Eric Brown (Mar 17)
- Re: Re: is this real? c.wuck (Mar 17)
- Re: is this real? Niek (Mar 17)