Underground - Bhasker V K,the Sandman's Hideout

Create a New Forum Admin Login Member Login Contribute to Voyager Search VoyForums Help Desk VoyForums Exchange VoyForums Directory/Categories VoyForums Homepage VoyForums News FAQ - Frequently Asked Questions

[ Show ]

Support VoyForums

[ Shrink ]

VoyForums Announcement: Programming and providing support for this service has been a labor of love since 1997. We are one of the few services online who values our users' privacy, and have never sold your information. We have even fought hard to defend your privacy in legal cases; however, we've done it with almost no financial support -- paying out of pocket to continue providing the service. Due to the issues imposed on us by advertisers, we also stopped hosting most ads on the forums many years ago. We hope you appreciate our efforts.

Show your support by donating any amount. (Note: We are still technically a for-profit company, so your contribution is not tax-deductible.) PayPal Acct: Feedback:

Donate to VoyForums (PayPal):

[ Login ] [ Contact Forum Admin ] [ Main index ] [ Post a new message ] [ Search | Check update time | Archives: [1] ]

Subject: cp Author: guess who [ Next Thread | Previous Thread | Next Message | Previous Message ] Date Posted: 01:54:19 11/10/03 Mon Author Host/IP: NoHost/66.98.130.76 202.71.148.133 [ Next Thread | Previous Thread | Next Message | Previous Message ]

Replies:

[> Subject: Re: cp Author: doc's report by the sandman [ Edit | View ] Date Posted: 02:17:00 11/10/03 Mon Author Host/IP: NoHost/66.98.130.76 Local Area Connection: Node IpAddress: [202.71.148.133] Scope Id: [] NetBIOS Remote Machine Name Table Name Type Status --------------------------------------------- BR03 <00> UNIQUE Registered CRAZY <00> GROUP Registered BR03 <03> UNIQUE Registered BR03 <20> UNIQUE Registered CRAZY <1E> GROUP Registered - spybot s&d installed - no major admin restrictions - regedit,admin tools,accessable - only certain icons from desktop missing - file sharing not enabled, [corrected] GRC Port Authority Report created on UTC: 2003-11-10 at 09:00:48 Results from scan of ports: 0-1055 0 Ports Open 1038 Ports Closed 18 Ports Stealth --------------------- 1056 Ports Tested NO PORTS were found to be OPEN. Ports found to be STEALTH were: 25, 69, 79, 111, 135, 137, 138, 139, 161, 445, 513, 515, 543, 544, 704, 707, 1025, 1026 Other than what is listed above, all ports are CLOSED. TruStealth: FAILED - NOT all tested ports were STEALTH, - NO unsolicited packets were received, - A PING REPLY (ICMP Echo) WAS RECEIVED. Port Service Status Security Implications 0 Closed Your computer has responded that this port exists but is currently closed to connections. 21 FTP Closed Your computer has responded that this port exists but is currently closed to connections. 22 SSH Closed Your computer has responded that this port exists but is currently closed to connections. 23 Telnet Closed Your computer has responded that this port exists but is currently closed to connections. 25 SMTP Stealth There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address! 79 Finger Stealth There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address! 80 HTTP Closed Your computer has responded that this port exists but is currently closed to connections. 110 POP3 Closed Your computer has responded that this port exists but is currently closed to connections. 113 IDENT Closed Your computer has responded that this port exists but is currently closed to connections. 119 NNTP Closed Your computer has responded that this port exists but is currently closed to connections. 135 RPC Stealth There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address! 139 Net BIOS Stealth There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address! 143 IMAP Closed Your computer has responded that this port exists but is currently closed to connections. 389 LDAP Closed Your computer has responded that this port exists but is currently closed to connections. 443 HTTPS Closed Your computer has responded that this port exists but is currently closed to connections. 445 MSFT DS Stealth There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address! 1002 ms-ils Closed Your computer has responded that this port exists but is currently closed to connections. 1024 DCOM Closed Your computer has responded that this port exists but is currently closed to connections. 1025 Host Stealth There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address! 1026 Host Stealth There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address! 1027 Host Closed Your computer has responded that this port exists but is currently closed to connections. 1028 Host Closed Your computer has responded that this port exists but is currently closed to connections. 1029 Host Closed Your computer has responded that this port exists but is currently closed to connections. 1030 Host Closed Your computer has responded that this port exists but is currently closed to connections. 1720 H.323 Closed Your computer has responded that this port exists but is currently closed to connections. 5000 UPnP OPEN! Universal Plug'n'Play is Microsoft's new protocol for allowing PCs to automatically discover and control a wide range of locally networked peripherals. This powerful protocol is likely to expose the user's machine to many clever remote security exploits and vulnerabilities. And, unfortunately, Microsoft has enabled this insecure protocol by default -- even if your system doesn't need or use it. You can easily disable this with our free UnPlug n' Pray utility.

[> Subject: Re: cp Author: sandman to cp [ Edit | View ] Date Posted: 02:18:23 11/10/03 Mon Author Host/IP: NoHost/202.71.148.133 PRESCRIPTION Port 5000 Name: upnp-evnt Purpose: Universal Plug N' Play Event Description: This TCP port is opened and used by Universal Plug N' Play (UPnP) devices to accept incoming connections from other UPnP devices. UPnP devices connect to each other using TCP protocol over port 5000. Related Ports: 1900 Background and Additional Information: The Universal Plug N' Play (UPnP) system operates over two ports: UDP/1900 and TCP/5000. UDP protocol is used over Port 1900 because the UDP protocol supports a "broadcast semantics" which allows a single UPnP announcement message to be received and heard by all devices listening on the same sub-network. TCP, being inherently a point-to-point connection-oriented protocol, does not support message broadcasts. When UPnP devices wish to announce themselves, or "shout out" to find out what other UPnP devices are hanging around on the network, they issue a UDP message aimed at port 1900 of the special IP address [239.255.255.250]. This special "multicast" broadcast address has been set aside for UPnP devices and will be received by all of them listening on UDP port 1900. After such an announcement broadcast is made, any devices wishing to reply or respond to the broadcaster initiate a TCP connection to the broadcaster's TCP port 5000. The devices then engage in a dialog to meet their needs. As you can see, UPnP enabled devices will be opening and listening on UDP port 1900 and TCP port 5000. It is probably worth mentioning that, here again, Microsoft's exposed UPnP Internet servers were found to have remotely exploitable unchecked buffers that would allow, in principle, remote malicious hackers to commandeer Windows ME or XP computers. Microsoft quickly issued a patch to fix this known vulnerability, but since there might well be others, and since unused Internet servers and services should not be left running of they are not actively needed, I wrote a quick, simple, and small 22 kbyte utility which allows the Universal Plug N' Play servers in Windows ME and XP to be easily started, stoped, and semi-permanently deactivated (until they are possibly needed at some future time.)