I noticed someone from 219.94.133.29 scanning my ubuntu box today. They were trying to login via SSH from a common list of names. Well, I nmap'd em back, here's the results:
Starting Nmap 4.03 ( http://www.insecure.org/nmap/ ) at 2006-11-05 14:18 PST Interesting ports on 219.94.133.29: (The 1656 ports scanned but not shown below are in state: closed) PORT STATE SERVICE VERSION 21/tcp open ftp vsftpd 2.0.4 22/tcp open ssh OpenSSH 4.3 (protocol 1.99) 23/tcp open telnet Linux telnetd 25/tcp open smtp qmail smtpd 80/tcp open http Apache httpd 2.2.2 ((Fedora)) 110/tcp open pop3 qmail pop3d 111/tcp open rpcbind 2 (rpc #100000) 135/tcp filtered msrpc 136/tcp filtered profile 137/tcp filtered netbios-ns 138/tcp filtered netbios-dgm 139/tcp filtered netbios-ssn 443/tcp open ssl/http Apache httpd 2.2.2 ((Fedora)) 445/tcp filtered microsoft-ds 593/tcp filtered http-rpc-epmap 888/tcp open ssl/http 3ware 3DM2 Serial RAID http config 2.0 10000/tcp open http Webmin httpd 27374/tcp filtered subseven Service Info: Hosts: kuroha.net, medxis002.my.domain; OSs: Unix, Linux; Device: storage-misc ------- So if anyone wants to hack on some webmin, visit: https://219.94.133.29:10000/ or for some sort of RAID configuration utility, visit: https://219.94.133.29:888/ Have fun, Grant _______________________________________________ RLUG mailing list [email protected] http://lists.rlug.org/mailman/listinfo/rlug
