Loving popup ads as much as I do, and the relentless SPAM that fills my mailbox, for kicks I decided to run a quick nmap on one of the worst offenders.

I thought surely their box would be completely locked solid.

I was surprised when virtually every port on the machine was open.

The list of open ports is way too long to post, but I thought a few of these were interesting.

The last one on the list was of particular interest.

nmap -v -sS <ip address> (withholding IP address here) produced:

27665/tcp open Trinoo_Master
31337/tcp open Elite
32771/tcp open sometimes-rpc5
32772/tcp open sometimes-rpc7
32773/tcp open sometimes-rpc9
32774/tcp open sometimes-rpc11
54320/tcp open bo2k

So I'm bored and I figure what the heck -

ssh -1 <ip address> gives me:

root@ipaddress's password:

So two things occur to me:

1. This is a WELL set up honeypot, and what I am seeing is simply an illusion to the real server - OR

2. They have one of the most open boxes I have ever seen, and they could care less about security.

With spammers, etc. is this a normal occurrence? (ports open all over) - or was this particular site just an oddity?

Those of you who have done more adventuring than I have - what are your opinions?

- Aftiel