Security Incidents mailing list archives
Re: Port 9088
From: Todd Meister <todd () LMI NET>
Date: Thu, 5 Oct 2000 14:40:38 -0700
On 05-Oct-2000 George Bakos wrote:
> is really there. My guess is that these boxes' ipchains rulesets are actually holding very nicely, or the machines don't even exist. You did a plain-vanilla scan including the initial ping, right?
I did "nmap -sT -p 9908 <ip>/<sub>" -- pretty vanilla. I didn't want to be sneaky at all. Funny thing is, I haven't seen any response from network administrators. I'm assuming a lot of the responses were firewalls, routers, etc.

After the nmap -sT..., I did nmap -O <ip>. Most of the time, nmap failed to return any information at all. One of the IPs was reported as FreeBSD 2.x, and another as Redhat. A vanilla scan without the port specified showed them both running what looked like a default set of services. I'm guessing they were the actual compromised boxes. Could be portsentry or some other honeypotian program.

Todd