Security Basics mailing list archives

Re: is this real?

From: Security Zone <seczone () i-nfinity com>
Date: Tue, 16 Mar 2004 19:34:22 +0100

Try and update nmap to current version (should be 3.50).

Regards

ALF

On Mon, 2004-03-15 at 18:48, Michael Weber wrote:

Hi,

after the weekend i spend a few hours for a journey trough my logfiles 
from the weekend. So i detect one IP which scan us very often and try to 
connect to ssh. Not unusual so far... normally i do an nmap run, look on 
the machine and forget it.

But This:

Starting nmap 3.48 ( http://www.insecure.org/nmap/ ) at 2004-03-15 18:30 CET
Interesting ports on xxx.xxx.xxx.xxx:
(The 1007 ports scanned but not shown below are in state: closed)
PORT    STATE    SERVICE      VERSION
21/tcp  open     ftp?
22/tcp  open     ssh          SSH 1.2.33 (protocol 1.5)
23/tcp  open     telnet       Linux telnetd
25/tcp  open     smtp         Sendmail smtpd 8.11.6/8.11.0
53/tcp  open     domain       ISC Bind 8.2.2-P5
79/tcp  open     finger       Linux fingerd
80/tcp  open     http         Apache httpd 1.3.23 ((Unix) PHP/4.1.2)
109/tcp open     pop-2?
110/tcp open     pop3
135/tcp filtered msrpc
139/tcp filtered netbios-ssn
143/tcp open     imap?
445/tcp filtered microsoft-ds
513/tcp open     login?
514/tcp open     shell?
587/tcp open     smtp         Sendmail 8.11.6/8.11.0
707/tcp filtered unknown

Could THIS be real??? Or is it a honeypot? SSH in a version older than 
me, telnet online, finger talks to the whole world and so on.... just a 
question because i have never seen somewhat... open... in the wild 
before. Somewhere in Korea...

regards,
Michael



---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------



---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------

Current thread:

is this real? Michael Weber (Mar 16)
- Re: is this real? Niek (Mar 17)
  - Re: is this real? James Turnbull (Mar 18)
- Re: is this real? Security Zone (Mar 17)
- RE: is this real? Aditya, ALD [Aditya Lalit Deshmukh] (Mar 18)
- <Possible follow-ups>
- Re: is this real? Eric Brown (Mar 17)
- Re: Re: is this real? c.wuck (Mar 17)