Security Incidents mailing list archives

Re: Port 9088


From: Todd Meister <todd () LMI NET>
Date: Thu, 5 Oct 2000 14:40:38 -0700

On 05-Oct-2000 George Bakos wrote:
> is really there.  My guess is that these boxes' ipchains rulesets are
> actually holding very nicely, or the machines don't even exist.  You did
> a plain-vanilla scan including the initial ping, right?


I did "nmap -sT -p 9908 <ip>/<sub>" -- pretty vanilla.  I didn't want to be
sneaky at all.  Funny thing is, I haven't seen any response from network
administrators.

I'm assuming a lot of the responses were firewalls, routers, etc.  After the
nmap -sT..., I did nmap -O <ip>.  Most of the time, nmap failed to return any
information at all.  One of the IPs was reported as FreeBSD 2.x, and another as
Red Hat.  A vanilla scan without the port specified showed them both running
what looked like a default set of services.  I'm guessing they were the actual
compromised boxes.  Could be portsentry or some other honeypotian program.

Todd

