[RLUG] Sunday afternoon fun
Grant Kelly
gkelly at gmail.com
Sun Nov 5 14:39:01 PST 2006
I noticed someone from 219.94.133.29 scanning my ubuntu box today.
They were trying to login via SSH from a common list of names. Well, I
nmap'd em back, here's the results:
Starting Nmap 4.03 ( http://www.insecure.org/nmap/ ) at 2006-11-05 14:18 PST
Interesting ports on 219.94.133.29:
(The 1656 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE VERSION
21/tcp open ftp vsftpd 2.0.4
22/tcp open ssh OpenSSH 4.3 (protocol 1.99)
23/tcp open telnet Linux telnetd
25/tcp open smtp qmail smtpd
80/tcp open http Apache httpd 2.2.2 ((Fedora))
110/tcp open pop3 qmail pop3d
111/tcp open rpcbind 2 (rpc #100000)
135/tcp filtered msrpc
136/tcp filtered profile
137/tcp filtered netbios-ns
138/tcp filtered netbios-dgm
139/tcp filtered netbios-ssn
443/tcp open ssl/http Apache httpd 2.2.2 ((Fedora))
445/tcp filtered microsoft-ds
593/tcp filtered http-rpc-epmap
888/tcp open ssl/http 3ware 3DM2 Serial RAID http config 2.0
10000/tcp open http Webmin httpd
27374/tcp filtered subseven
Service Info: Hosts: kuroha.net, medxis002.my.domain; OSs: Unix,
Linux; Device: storage-misc
-------
So if anyone wants to hack on some webmin, visit: https://219.94.133.29:10000/
or for some sort of RAID configuration utility, visit:
https://219.94.133.29:888/
Have fun,
Grant
More information about the RLUG
mailing list