Security Basics mailing list archives

is this real?

From: Michael Weber <mweber () hitwin com>
Date: Mon, 15 Mar 2004 18:48:38 +0100

Hi,

after the weekend i spend a few hours for a journey trough my logfilesfrom the weekend. So i detect one IP which scan us very often and try toconnect to ssh. Not unusual so far... normally i do an nmap run, look onthe machine and forget it.


But This:

Starting nmap 3.48 ( http://www.insecure.org/nmap/ ) at 2004-03-15 18:30 CET
Interesting ports on xxx.xxx.xxx.xxx:
(The 1007 ports scanned but not shown below are in state: closed)
PORT    STATE    SERVICE      VERSION
21/tcp  open     ftp?
22/tcp  open     ssh          SSH 1.2.33 (protocol 1.5)
23/tcp  open     telnet       Linux telnetd
25/tcp  open     smtp         Sendmail smtpd 8.11.6/8.11.0
53/tcp  open     domain       ISC Bind 8.2.2-P5
79/tcp  open     finger       Linux fingerd
80/tcp  open     http         Apache httpd 1.3.23 ((Unix) PHP/4.1.2)
109/tcp open     pop-2?
110/tcp open     pop3
135/tcp filtered msrpc
139/tcp filtered netbios-ssn
143/tcp open     imap?
445/tcp filtered microsoft-ds
513/tcp open     login?
514/tcp open     shell?
587/tcp open     smtp         Sendmail 8.11.6/8.11.0
707/tcp filtered unknown

Could THIS be real??? Or is it a honeypot? SSH in a version older thanme, telnet online, finger talks to the whole world and so on.... just aquestion because i have never seen somewhat... open... in the wildbefore. Somewhere in Korea...


regards,
Michael



---------------------------------------------------------------------------

Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 offany course! All of our class sizes are guaranteed to be 10 students or lessto facilitate one-on-one interaction with one of our expert instructors.Attend a course taught by an expert instructor with years of in-the-fieldpen testing experience in our state of the art hacking lab. Master the skillsof an Ethical Hacker to better assess the security of your organization.Visit us at:http://www.infosecinstitute.com/courses/ethical_hacking_training.html

----------------------------------------------------------------------------

Current thread:

is this real? Michael Weber (Mar 16)
- Re: is this real? Niek (Mar 17)
  - Re: is this real? James Turnbull (Mar 18)
- Re: is this real? Security Zone (Mar 17)
- RE: is this real? Aditya, ALD [Aditya Lalit Deshmukh] (Mar 18)
- <Possible follow-ups>
- Re: is this real? Eric Brown (Mar 17)
- Re: Re: is this real? c.wuck (Mar 17)