June 23rd, 2003, 11:36 PM
#1
really, really weird... need reply
You may remember my problem from before. This is another, really weird chapter. I've been recently assigned to administer a 24-workstation inter-office network; all NT & 2000. One of my users has been visiting amateur cracking sites and browsing the internet on company time way too much. He's also downloaded 'netcat', the Windows version of 'john the ripper' & YAPS (shitty Windows port scanner). Before I did anything I wanted to see more "not-so-cool" activity. I wanted him to do something... back to that later.
The company public web site hasn't been contracted out to my company. Instead the PR dep. recruited a "web design" company which also hosts the server. Even though this is not my job, I decided to "nmap" the machine. Here are the results w/ the "-sS -O" options!
21/tcp open ftp
22/tcp open ssh
23/tcp open telnet
25/tcp open smtp
80/tcp open http
110/tcp open pop-3
113/tcp open auth
137/tcp filtered netbios-ns
138/tcp filtered netbios-dgm
139/tcp filtered netbios-ssn
143/tcp open imap2
144/tcp open news
161/tcp filtered snmp
306/tcp open unknown
307/tcp open unknown
443/tcp open https
513/tcp open login
514/tcp open shell
543/tcp open klogin
544/tcp open kshell
1112/tcp filtered msql
2105/tcp open eklogin
3333/tcp filtered dec-notes
4333/tcp filtered msql
5000/tcp filtered fics
6666/tcp filtered irc-serv
6667/tcp filtered irc
6668/tcp filtered irc
7000/tcp filtered afs3-fileserver
7001/tcp filtered afs3-callback
7007/tcp filtered afs3-bos
31337/tcp filtered Elite
First of all, the box confuses the hell out of nmap's OS detection. But I'd think it's a safe bet it's a *nix system. Is this system hacked? Look at the damn 31337 port open, it's even named Elite. Why is IRC running on this company system... Any advice?
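An added example, not part of the original post: a small Python triage of an excerpt of the port table above, grouping ports by nmap state and listing the open services that carry logins or files in cleartext. The `CLEARTEXT` set and the function names are assumptions of this example; note that without version detection nmap's service column is a lookup by port number, and `filtered` means nmap could not determine whether the port is open.

```python
import re
from collections import defaultdict

# Excerpt of the port table from the post (nmap -sS -O output).
SCAN = """\
21/tcp open ftp
22/tcp open ssh
23/tcp open telnet
80/tcp open http
137/tcp filtered netbios-ns
513/tcp open login
514/tcp open shell
6667/tcp filtered irc
7000/tcp filtered afs3-fileserver
31337/tcp filtered Elite
"""

# Assumption of this example: service names (as nmap labels them by port
# number) whose protocols send credentials or data unencrypted.
CLEARTEXT = {"ftp", "telnet", "pop-3", "imap2", "login", "shell"}
LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(.+)$")

def parse(scan):
    """Return (port, proto, state, service) tuples from nmap port lines."""
    rows = []
    for line in scan.splitlines():
        m = LINE.match(line.strip())
        if m:
            rows.append((int(m.group(1)), m.group(2), m.group(3), m.group(4).strip()))
    return rows

def triage(rows):
    """Group ports by state and pick out open cleartext services."""
    by_state = defaultdict(list)
    for port, _proto, state, _service in rows:
        by_state[state].append(port)
    cleartext = [p for p, _, state, svc in rows
                 if state == "open" and svc in CLEARTEXT]
    return dict(by_state), cleartext

if __name__ == "__main__":
    states, cleartext = triage(parse(SCAN))
    # "filtered" ports answered with nothing or an ICMP error: a packet
    # filter is in the path, and the name shown is only the table label.
    for state, ports in sorted(states.items()):
        print(f"{state:9} {ports}")
    print("open cleartext services:", cleartext)
```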