[mailed and posted]
On Jun 15, 2009, at 1:55 PM, Patrick Domack wrote:
hmm, a strange ntp client
CPE000fb06f0904-CM000f21775e92.cpe.net.cable.rogers.com
99.241.71.252
I noticed my traffic went from around 150kbps to well over 450kbps,
and this one client was responsible, over 3000 requests per second.
Normally I only scan things that are abusive to me, but I was curious
and this felt justified
================================
$ sudo nmap -sV -O 99.241.71.252
Starting Nmap 4.85BETA7 ( http://nmap.org ) at 2009-06-15 22:59 CDT
Interesting ports on CPE000fb06f0904-
CM000f21775e92.cpe.net.cable.rogers.com (99.241.71.252):
Not shown: 999 filtered ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 5.1p1 Debian 5 (protocol 2.0)
Warning: OSScan results may be unreliable because we could not find at
least 1 open and 1 closed port
Device type: general purpose|remote management|phone|broadband router|
VoIP phone
Running (JUST GUESSING) : Linux 2.6.X (88%), HP embedded (87%), Nokia
Symbian OS (87%), Linksys embedded (85%), Thomson embedded (85%)
Aggressive OS guesses: Linux 2.6.22 (Debian 4.0) (88%), Linux 2.6.24
(Debian) (88%), HP Onboard Administrator management console (87%), HP
Onboard Administrator remote management for BladeSystem server
enclosures (87%), Linux 2.6.15 - 2.6.26 (87%), Nokia E65 mobile phone
(Symbian OS) (87%), Linksys WRV200 wireless broadband router (85%),
Linux 2.6.20 (Ubuntu 7.04 server, x86) (85%), Thomson Symbio VoIP
phone (85%)
No exact OS matches for host (test conditions non-ideal).
Service Info: OS: Linux
OS and Service detection performed. Please report any incorrect
results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 24.29 seconds
================================
If we can trust the banner on the ssh server there, this is some
customized Debian box.
--
Jeffrey Goldberg http://www.goldmark.org/jeff/
_______________________________________________
timekeepers mailing list
[email protected]
https://fortytwo.ch/mailman/cgi-bin/listinfo/timekeepers
