Create a New Forum Admin Login Member Login Contribute to Voyager Search VoyForums Help Desk VoyForums Exchange VoyForums Directory/Categories VoyForums Homepage VoyForums News FAQ - Frequently Asked Questions

[ Show ]

Support VoyForums

[ Shrink ]

VoyForums Announcement: Programming and providing support for this service has been a labor of love since 1997. We are one of the few services online who values our users' privacy, and have never sold your information. We have even fought hard to defend your privacy in legal cases; however, we've done it with almost no financial support -- paying out of pocket to continue providing the service. Due to the issues imposed on us by advertisers, we also stopped hosting most ads on the forums many years ago. We hope you appreciate our efforts.

Show your support by donating any amount. (Note: We are still technically a for-profit company, so your contribution is not tax-deductible.) PayPal Acct: Feedback:

Donate to VoyForums (PayPal):

[ Login ] [ Main index ] [ Post a new message ] [ Search | Check update time | Archives: 1, [2] ]

Subject: So it's a site about detecting port scans, hmm... Author: Plebius [ Next Thread | Previous Thread | Next Message | Previous Message ] Date Posted: 15:46:33 06/20/01 Wed In reply to: wipmax 's message, "check this out : http://project.honeynet.org" on 08:55:21 06/18/01 Mon Here's what they (http://project.honeynet.org) look like: Starting nmap V. 2.54BETA7 ( www.insecure.org/nmap/ ) Warning: OS detection will be MUCH less reliable because we did not find at least 1 open and 1 closed TCP port Interesting ports on calite-1.enteract.com (207.229.143.30): (The 1530 ports scanned but not shown below are in state: filtered) Port State Service 22/tcp open ssh This port is used for SSH secure remote login protocol SSH 1.2.26 contains a buffer overflow in the clients kerberos code 23/tcp open telnet This port is used for Telnet, remote login protocol Telnet is susceptible to sniffers, you can sniff a telnet session and acquire passwords 80/tcp open http Hypertext Transfer Protocol, used for the World Wide Web If you use IIS 3,4,or 5 there are many buffer overflows and exploits what allow users to edit your website, there are also many apache buffer overflows that stop httpd from running 777/tcp open unknown TCP Sequence Prediction: Class=random positive increments Difficulty=144192 (Good luck!) No exact OS matches for host (test conditions non-ideal). TCP/IP fingerprint: SInfo(V=2.54BETA7%P=i386-unknown-freebsd4.2%D=6/20%Time=3B30C21F%O=22%C=-1) TSeq(Class=RI%gcd=1%SI=16DD1) TSeq(Class=RI%gcd=1%SI=2F84F) TSeq(Class=RI%gcd=1%SI=23340) T1(Resp=Y%DF=Y%W=403D%ACK=S++%Flags=AS%Ops=MNWNNT) T2(Resp=N) T3(Resp=N) T4(Resp=N) T5(Resp=N) T6(Resp=N) T7(Resp=N) PU(Resp=Y%DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=0%ULEN=134%DAT=E) Nmap run completed -- 1 IP address (1 host up) scanned in 687 seconds Looks like they're pretty secure after all. Plebius [ Next Thread | Previous Thread | Next Message | Previous Message ]

Replies:

Subject Author Date Re: So it's a site about detecting port scans, hmm... PanZer 17:18:50 06/20/01 Wed They're running FreeBSD -- Plebius, 19:11:01 06/20/01 Wed