Subject: Re: Port 9088
From: Todd Meister (todd LMI.NET)
Date: Thu Oct 05 2000 - 16:40:38 CDT
- Next message: George Bakos: "Interesting scanning activity"
- Previous message: LOS Ralph: "Strange activity to a laptop?"
- In reply to: George Bakos: "Re: Port 9088"
- Next in thread: Erik Tayler: "Re: Port 9088"
- Reply: Todd Meister: "Re: Port 9088"
- Reply: Erik Tayler: "Re: Port 9088"
On 05-Oct-2000 George Bakos wrote:
> is really there. My
> guess is that these boxes' ipchains rulesets are actually holding very
> nicely, or the machines
> don't even exist. You did a plain-vanilla scan including the initial ping,
> right?
>
I did "nmap -sT -p 9908 <ip>/<sub>" -- pretty vanilla. I didn't want to be
sneaky at all. Funny thing is, I haven't seen any response from network
administrators.
I'm assuming a lot of the responses were firewalls, routers, etc. After the
nmap -sT..., I did nmap -O <ip>. Most of the time, nmap failed to return any
information at all. One of the IPs was reported as FreeBSD 2.x, and another as
Redhat. A vanilla scan without the port specified showed them both running
what looked like a default set of services. I'm guessing they were the actual
compromised boxes. Could be portsentry or some other honeypotian program.
Todd