Full Disclosure mailing list archives
Port scans from a Dedicated Micro Digital Sprite II
From: "Daniel H. Renner" <dan () losangelescomputerhelp com>
Date: 28 Jan 2004 11:59:37 -0800
A client of ours had a Dedicated Micro Digital Sprite II multiple camera monitor with web server system installed. Manufacturer product details are here:
http://dedicatedmicros.com/dedicatedmicros/product/ds2/ds2_main.html

The unit's setup was changed from the original as below to as follows in an attempt to remove the router from the equation:

Internet --- DSL modem --- switch --- DS2 with public IP

Concurrent with EVERY attempt to access the DS2, a port scan was initiated from the DS2's address at the visiting address, and this can be reproduced at will. For scan logs, see original email to vendor below. (Public IPs modified.)

The emails which follow this bit of rambling were sent to the correct tech support email address per the support webpage:
http://dedicatedmicros.com/dedicatedmicros/support/supindex.html
with the address of: ussupport () dmicros com

On 21 Jan 2004 11:56:49 and again on 25 Jan 2004 22:58:45 with no response whatsoever.

Cheers,
Dan Renner

-----Forwarded Message-----
From: Daniel H. Renner <dan () losangelescomputerhelp com>
To: ussupport () dmicros com
Subject: [Fwd: Port scans from a DS2]
Date: 25 Jan 2004 22:58:45 -0800

I have received no answer whatsoever on this email - this is not exactly professional treatment. Would you please tell me what is going on and why I should be receiving port scans from this device?

--
Thank you,
Dan Renner
President
Los Angeles Computerhelp
http://losangelescomputerhelp.com
818.352.8700

-----Forwarded Message-----
From: Daniel H. Renner <dan () losangelescomputerhelp com>
To: ussupport () dmicros com
Subject: Port scans from a DS2
Date: 21 Jan 2004 11:56:49 -0800

Hello,

One of our clients has had your Digital Sprite 2 installed and we have connected it to the network for the owner's remote viewing. In our testing of the setup, we noticed that the unit was port-scanning our location during the connection. Full firewall IDS log entries during the affected time follow.

EVERY SINGLE ONE of the portscans were from the IP address of the DS2. And EVERY SINGLE ONE of the port-scans were immediately after connection to the DS2.

The network layout is as follows:

Internet --> hardware router (TCP 80 port-forwarded to DS2) --> DS2

What the heck is going on here!?

Also, once one is logged into the server, one is logged in forever, even after reboot there is no login required... That doesn't seem too healthy if the owner wants to check from an Internet cafe...

--
Thank you,
Dan Renner
President
Los Angeles Computerhelp
http://losangelescomputerhelp.com
818.352.8700

Date: 01/21 12:15:25 Name: (spp_portscan2) Portscan detected from xxx.xxx.xxx.xxx: 1 targets 21 ports in 31 seconds Priority: n/a Type: n/a IP info: xxx.xxx.xxx.xxx:80 -> xxx.xxx.xxx.xxx:1614 References: none found SID: n/a
Date: 01/21 12:15:35 Name: (spp_portscan2) Portscan detected from xxx.xxx.xxx.xxx: 1 targets 21 ports in 5 seconds Priority: n/a Type: n/a IP info: xxx.xxx.xxx.xxx:80 -> xxx.xxx.xxx.xxx:1647 References: none found SID: n/a
Date: 01/21 12:18:21 Name: (spp_portscan2) Portscan detected from xxx.xxx.xxx.xxx: 1 targets 21 ports in 11 seconds Priority: n/a Type: n/a IP info: xxx.xxx.xxx.xxx:80 -> xxx.xxx.xxx.xxx:1690 References: none found SID: n/a
Date: 01/21 12:19:39 Name: (spp_portscan2) Portscan detected from xxx.xxx.xxx.xxx: 1 targets 21 ports in 28 seconds Priority: n/a Type: n/a IP info: xxx.xxx.xxx.xxx:80 -> xxx.xxx.xxx.xxx:1757 References: none found SID: n/a
Date: 01/21 12:23:40 Name: (spp_portscan2) Portscan detected from xxx.xxx.xxx.xxx: 1 targets 21 ports in 24 seconds Priority: n/a Type: n/a IP info: xxx.xxx.xxx.xxx:80 -> xxx.xxx.xxx.xxx:1790 References: none found SID: n/a
Date: 01/21 12:24:51 Name: (spp_portscan2) Portscan detected from xxx.xxx.xxx.xxx: 1 targets 21 ports in 6 seconds Priority: n/a Type: n/a IP info: xxx.xxx.xxx.xxx:80 -> xxx.xxx.xxx.xxx:1876 References: none found SID: n/a
Date: 01/21 12:25:46 Name: ICMP PING CyberKit 2.2 Windows Priority: 3 Type: Misc activity IP info: 4.60.201.59:n/a -> xxx.xxx.xxx.xxx:n/a References: none found SID: 483
Date: 01/21 12:25:55 Name: ICMP PING CyberKit 2.2 Windows Priority: 3 Type: Misc activity IP info: 4.63.151.175:n/a -> xxx.xxx.xxx.xxx:n/a References: none found SID: 483
Date: 01/21 12:25:58 Name: (spp_portscan2) Portscan detected from xxx.xxx.xxx.xxx: 1 targets 21 ports in 13 seconds Priority: n/a Type: n/a IP info: xxx.xxx.xxx.xxx:80 -> xxx.xxx.xxx.xxx:1916 References: none found SID: n/a
Date: 01/21 12:26:41 Name: ICMP PING CyberKit 2.2 Windows Priority: 3 Type: Misc activity IP info: 4.63.99.139:n/a -> xxx.xxx.xxx.xxx:n/a References: none found SID: 483
Date: 01/21 12:27:17 Name: (spp_portscan2) Portscan detected from xxx.xxx.xxx.xxx: 1 targets 21 ports in 22 seconds Priority: n/a Type: n/a IP info: xxx.xxx.xxx.xxx:80 -> xxx.xxx.xxx.xxx:2026 References: none found SID: n/a
Date: 01/21 12:27:54 Name: ICMP PING CyberKit 2.2 Windows Priority: 3 Type: Misc activity IP info: 4.60.61.255:n/a -> xxx.xxx.xxx.xxx:n/a References: none found SID: 483
Date: 01/21 12:28:28 Name: ICMP PING CyberKit 2.2 Windows Priority: 3 Type: Misc activity IP info: 4.60.125.230:n/a -> xxx.xxx.xxx.xxx:n/a References: none found SID: 483
Date: 01/21 12:29:05 Name: ICMP PING CyberKit 2.2 Windows Priority: 3 Type: Misc activity IP info: 4.65.254.95:n/a -> xxx.xxx.xxx.xxx:n/a References: none found SID: 483
Date: 01/21 12:31:11 Name: ICMP PING CyberKit 2.2 Windows Priority: 3 Type: Misc activity IP info: 4.62.214.48:n/a -> xxx.xxx.xxx.xxx:n/a References: none found SID: 483
Date: 01/21 12:32:03 Name: (spp_portscan2) Portscan detected from xxx.xxx.xxx.xxx: 1 targets 21 ports in 4 seconds Priority: n/a Type: n/a IP info: xxx.xxx.xxx.xxx:80 -> xxx.xxx.xxx.xxx:2124 References: none found SID: n/a
Date: 01/21 12:32:13 Name: (spp_portscan2) Portscan detected from xxx.xxx.xxx.xxx: 1 targets 21 ports in 2 seconds Priority: n/a Type: n/a IP info: xxx.xxx.xxx.xxx:80 -> xxx.xxx.xxx.xxx:2154 References: none found SID: n/a

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
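An added triage example, not part of the original post: it parses alerts in the layout quoted above and separates the portscan alerts whose recorded packet leaves the forwarded service port (TCP 80 in the post) toward a high client port, the pattern every portscan entry in the log shows, from those that do not. The function names are hypothetical and the sample alerts are constructed with documentation addresses.

```python
import re
from collections import Counter

# Constructed sample in the page's alert layout (RFC 5737 placeholder addresses).
SAMPLE = """\
Date: 01/21 12:15:25 Name: (spp_portscan2) Portscan detected from 192.0.2.10: 1 targets 21 ports in 31 seconds Priority: n/a Type: n/a IP info: 192.0.2.10:80 -> 198.51.100.7:1614 References: none found SID: n/a
Date: 01/21 12:15:35 Name: (spp_portscan2) Portscan detected from 192.0.2.10: 1 targets 21 ports in 5 seconds Priority: n/a Type: n/a IP info: 192.0.2.10:80 -> 198.51.100.7:1647 References: none found SID: n/a
Date: 01/21 12:25:46 Name: ICMP PING CyberKit 2.2 Windows Priority: 3 Type: Misc activity IP info: 203.0.113.59:n/a -> 198.51.100.7:n/a References: none found SID: 483
Date: 01/21 12:40:02 Name: (spp_portscan2) Portscan detected from 192.0.2.10: 1 targets 21 ports in 9 seconds Priority: n/a Type: n/a IP info: 192.0.2.10:1025 -> 198.51.100.7:22 References: none found SID: n/a
"""

# One alert = the fixed field labels in order; lazy groups stop at the next label.
ALERT = re.compile(
    r"Date: (?P<date>\d\d/\d\d \d\d:\d\d:\d\d) Name: (?P<name>.*?) Priority: (?P<prio>\S+) "
    r"Type: (?P<type>.*?) IP info: (?P<src>\S+):(?P<sport>\S+) -> (?P<dst>\S+):(?P<dport>\S+) "
    r"References: (?P<refs>.*?) SID: (?P<sid>\S+)"
)

def parse_alerts(text):
    """Return one dict per alert; tolerates entries wrapped or run together."""
    flat = " ".join(text.split())  # collapse line breaks and repeated spaces
    return [m.groupdict() for m in ALERT.finditer(flat)]

def triage(alerts, service_ports=frozenset({"80"})):
    """Count portscan alerts by whether the recorded packet left a service port."""
    summary = Counter()
    for a in alerts:
        if "spp_portscan2" not in a["name"]:
            summary["other"] += 1
        elif (a["sport"] in service_ports and a["dport"].isdigit()
              and int(a["dport"]) >= 1024):
            summary["from_service_port"] += 1  # service port -> high client port
        else:
            summary["from_other_port"] += 1    # worth a packet capture first
    return summary

if __name__ == "__main__":
    print(dict(triage(parse_alerts(SAMPLE))))
```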