This discussion has been archived. No new comments can be posted.
KNOWBOTIC RESEARCH
Minds of Concern::Breaking News, 2002
portscan 209.73.19.97 (Score:1)
by steve on Tuesday May 07, @09:33PM ( #15)
User #6 Info | http://netartcommons.walkerart.org/
Date: Tue, 7 May 2002 16:46:31 +0200
From: Florian Cramer
To: Nettime
Subject: Re: PUBLIC DOMAIN SCANNER
Sender: nettime-l-request@bbs.thing.net
Precedence: bulk
Reply-To: Florian Cramer

On Tue, 07 May 2002 at 13:14:24 +0200, knowbotic.research wrote:
>
>
> MINDS OF CONCERN::breaking news
> http://unitedwehack.ath.cx
>
> PUBLIC DOMAIN SCANNER
> http://unitedwehack.homeunix.net/minds3/

[...]

> In the project, we are using non-invasive SECURITY scanning tools, which
> systems administrators alike use in order to detect security holes on the
> Internet servers.

unitedwehack.ath.cx

All 1549 scanned ports on (209.73.19.97) are: UNfiltered

Interesting ports on (209.73.19.97):
(The 1542 ports scanned but not shown below are in state: closed)
Port State Service
22/tcp open ssh
80/tcp open http
111/tcp open sunrpc
443/tcp open https
901/tcp open samba-swat
3306/tcp open mysql
6000/tcp open X11

+ unitedwehack.ath.cx :
  . List of open ports :
      o general/tcp (Security warnings found)
      o general/udp (Security notes found)
      o unknown (32768/tcp) (Security warnings found)
      o general/icmp (Security warnings found)

  . Warning found on port general/tcp

        Microsoft Windows 95 and 98 clients have the ability
        to bind multiple TCP/IP stacks on the same MAC address,
        simply by having the protocol addded more than once
        in the Network Control panel.
       
        The remote host has several TCP/IP stacks with the
        same IP binded on the same MAC adress. As a result,
        it will reply several times to the same packets,
        such as by sending multiple ACK to a single SYN,
        creating noise on your network. If several hosts
        behave the same way, then your network will be brought
        down.
       
        Solution : remove all the IP stacks except one in the remote
        host
        Risk factor :
          Medium

  . Warning found on port general/tcp

        The remote host uses non-random IP IDs, that is, it is
        possible to predict the next value of the ip_id field of
        the ip packets sent by this host.
       
        An attacker may use this feature to determine if the remote
        host sent a packet in reply to another request. This may be
        used for portscanning and other things.
       
        Solution : Contact your vendor for a patch
        Risk factor :
          Low

  . Information found on port general/udp

        For your information, here is the traceroute to 209.73.19.97 :

  . Warning found on port unknown (32768/tcp)

        The fam RPC service is running.
        Several versions of this service have
        a well-known buffer oveflow condition
        that allows intruders to execute
        arbitrary commands as root on this system.

        Solution : disable this service in /etc/inetd.conf
        More information :
          http://www.nai.com/nai_labs/asp_set/advisory/16_fam_adv.asp
        Risk factor : High
        CVE : CVE-1999-0059

  . Warning found on port general/icmp

        The remote host answers to an ICMP timestamp
        request. This allows an attacker to know the
        date which is set on your machine.
       
        This may help him to defeat all your
        time based authentifications protocols.
       
        Solution : filter out the icmp timestamp
        requests (13), and the outgoing icmp
        timestamp replies (14).
       
        Risk factor : Low
        CVE : CAN-1999-0524

Florian

# distributed via <nettime>: no commercial use without permission
# <nettime> is a moderated mailing list for net criticism,
# collaborative text filtering and cultural politics of the nets
# more info: majordomo@bbs.thing.net and "info nettime-l" in the msg body
# archive: http://www.nettime.org contact: nettime@bbs.thing.net
Re:portscan 209.73.19.97 (Score:1)
by steve on Thursday May 09, @12:13PM ( #16)
User #6 Info | http://netartcommons.walkerart.org/
Date: Wed, 08 May 2002 10:48:42 +0200
From: "knowbotic.research"
Subject: Re: [rohrpost] PUBLIC DOMAIN SCANNER

>unitedwehack.ath.cx

>All 1549 scanned ports on (209.73.19.97) are: UNfiltered

May 5 21:00:34 on open scanner:

May 5 21:00:23 snd sshd[16010]: fatal: Read from socket failed: Connection
reset by peer

netname: CABLECOM-MAIN-NET descr: Cablecom GmbH descr: Zuerich
May 5 21:00:34 snd sshd[16032]: Failed password for illegal user su from
217.162.194.136 port 1116

May 5 21:00:39 snd sshd[16032]: fatal: Read from socket failed: Connection
reset by peer
May 6 06:14:11 snd sshd[31593]: Did not receive identification string from
211.124.245.7

Hutchison Telecommunications (Hong Kong) Limited
May 7 12:18:46 snd sshd[14426]: Did not receive identification string from
210.0.210.16

[Network Name] CWO-NET g. [Organization] City Wave Osaka Inc.
May 7 19:03:56 snd sshd[28072]: Did not receive identification string from
211.124.245.7

Freie Universitaet Berlin
May 7 19:26:24 snd sshd[31515]: Bad protocol version identification 'QUIT'
from 160.45.155.53
May 7 19:27:27 snd sshd[31728]: Did not receive identification string from
160.45.155.53

netname: DOM-NET descr: digital online media Gmbh descr: Bismarckstr. 60
descr: D-50672 Koeln
May 7 21:07:02 snd sshd[11961]: Bad protocol version identification '^D'
from 194.77.86.7