Security Basics mailing list archives
Host identification
From: "Cedric Staub" <cs.staub () gmail com>
Date: Fri, 1 Aug 2008 21:22:35 +0200
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello everybody I recently started scanning the /24 subnets I get assigned to everytime I connect to my ISP, because I was curious whether my 'virtual neighbours' were running any services. Now, everytime I do a scan, I see at least a couple of machines with an open port 10000, running WebLogic, which seems to be a product from Oracle. I don't think 'home users' would use such a product (but maybe I'm wrong), and was thinking that those were perhaps part of my ISP's infrastructure. Now I'm curious, what do you think those machines could be good for, what is their purpose? And why do I always see at least three or four of them? I attached a full nmap scan below. Thank you for any pointers! Sincerely, Cedric -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFIk2J8v0D9btKF36sRAtR0AKC4pk1A6yeaJ7ilE43UHdnOG1kYuQCgiQ6d NoH3J5WLd8a1eU/8QghM57k= =BVSo -----END PGP SIGNATURE----- ------------------------------------------------------------------------------- # nmap -T Aggressive -A -v TARGET Starting Nmap 4.53 ( http://insecure.org ) at 2008-08-01 20:48 CEST Initiating Ping Scan at 20:48 Scanning TARGET [2 ports] Completed Ping Scan at 20:48, 0.03s elapsed (1 total hosts) Initiating Parallel DNS resolution of 1 host. at 20:48 Completed Parallel DNS resolution of 1 host. at 20:48, 0.02s elapsed Initiating SYN Stealth Scan at 20:48 Scanning HOSTNAME (TARGET) [1714 ports] Discovered open port 10000/tcp on TARGET Completed SYN Stealth Scan at 20:48, 6.00s elapsed (1714 total ports) Initiating Service scan at 20:48 Scanning 1 service on HOSTNAME (TARGET) Completed Service scan at 20:48, 6.08s elapsed (1 service on 1 host) Initiating OS detection (try #1) against HOSTNAME (TARGET) Retrying OS detection (try #2) against HOSTNAME (TARGET) Retrying OS detection (try #3) against HOSTNAME (TARGET) Retrying OS detection (try #4) against HOSTNAME (TARGET) Retrying OS detection (try #5) against HOSTNAME (TARGET) TARGET: guessing hop distance at 2 Initiating Traceroute at 20:48 Completed Traceroute at 20:48, 0.05s elapsed Initiating Parallel DNS resolution of 4 hosts. at 20:48 Completed Parallel DNS resolution of 4 hosts. at 20:48, 0.02s elapsed SCRIPT ENGINE: Initiating script scanning. Host HOSTNAME (TARGET) appears to be up ... good. Interesting ports on HOSTNAME (TARGET): Not shown: 1710 closed ports PORT STATE SERVICE VERSION 23/tcp filtered telnet 1720/tcp filtered H.323/Q.931 8080/tcp filtered http-proxy 10000/tcp open http WebLogic httpd No exact OS matches for host (If you know what OS is running on it, see http://insecure.org/nmap/submit/ ). TCP/IP fingerprint: OS:SCAN(V=4.53%D=8/1%OT=10000%CT=1%CU=38732%PV=N%DS=2%G=Y%TM=48935A96%P=i68 OS:6-pc-linux-gnu)SEQ(SP=22%GCD=1%ISR=50%TI=I%TS=U)SEQ(SP=16%GCD=1%ISR=50%T OS:I=I%TS=U)SEQ(SP=24%GCD=1%ISR=50%TI=I%TS=U)SEQ(SP=0%GCD=64%ISR=50%TI=I%TS OS:=U)SEQ(SP=17%GCD=1%ISR=50%TI=I%TS=U)OPS(O1=M578%O2=M578%O3=M280%O4=M578% OS:O5=M218%O6=M109)WIN(W1=1770%W2=1770%W3=1770%W4=1770%W5=1770%W6=1770)ECN( OS:R=Y%DF=Y%T=40%W=1770%O=M578%CC=N%Q=)T1(R=Y%DF=Y%T=40%S=O%A=S+%F=AS%RD=0% OS:Q=)T2(R=N)T3(R=Y%DF=Y%T=40%W=1770%S=O%A=S+%F=AS%O=M109%RD=0%Q=)T4(R=Y%DF OS:=N%T=40%W=0%S=A%A=O%F=R%O=%RD=0%Q=)T5(R=Y%DF=N%T=40%W=0%S=Z%A=S+%F=AR%O= OS:%RD=0%Q=)T6(R=Y%DF=N%T=40%W=0%S=A%A=O%F=R%O=%RD=0%Q=)T7(R=Y%DF=N%T=40%W= OS:0%S=Z%A=S+%F=AR%O=%RD=0%Q=)U1(R=Y%DF=N%T=40%TOS=0%IPL=38%UN=0%RIPL=G%RID OS:=G%RIPCK=G%RUCK=6245%RUL=G%RUD=G)IE(R=N) Network Distance: 2 hops TCP Sequence Prediction: Difficulty=23 (Good luck!) IP ID Sequence Generation: Incremental TRACEROUTE (using port 10000/tcp) HOP RTT ADDRESS 1 1.33 ... 2 14.85 ... (...) 3 20.71 HOSTNAME (TARGET) Read data files from: /usr/share/nmap OS and Service detection performed. Please report any incorrect results at http://insecure.org/nmap/submit/ . Nmap done: 1 IP address (1 host up) scanned in 24.857 seconds Raw packets sent: 1878 (87.982KB) | Rcvd: 1791 (72.646KB)
Current thread:
- Host identification Cedric Staub (Aug 03)
- Re: Host identification Jason Keating (Aug 05)
- RE: Host identification Daniel I. Didier (Aug 05)
- Re: Host identification Francisco Neira Basso (Aug 06)
- RE: Host identification Roni Bachar (Aug 05)