[Systems] [Systems-logs] Logwatch for sunjammer.sugarlabs.org (Linux)

Bernie Innocenti bernie at codewiz.org
Wed Mar 10 19:19:53 EST 2010


On Thu, 2010-03-11 at 01:01 +0100, Sascha Silbe wrote:
> On Wed, Mar 10, 2010 at 08:50:24PM -0300, Bernie Innocenti wrote:
> 
> > Those are not MTAs verifying MX records. Instead, they're some kind of
> > Windows zombies looking for open recursive nameservers, maybe for some
> > kind of cache-poisoning attack.
> That's an even better explanation. :)
> If there's any open port on them you might try running nmap -O to check 
> whether they're Windows machines.

Haha, *of course* they were Windows machines.
I was so sure that I'd bet $100 bucks on it!

bernie@giskard:~$ sudo nmap -O 58.88.238.127

Starting Nmap 5.21 ( http://nmap.org ) at 2010-03-10 21:14 PYST
Nmap scan report for p6127-ipad07kanazawa.ishikawa.ocn.ne.jp (58.88.238.127)
Host is up (0.41s latency).
Not shown: 996 closed ports
PORT    STATE    SERVICE
25/tcp  filtered smtp
135/tcp filtered msrpc
139/tcp filtered netbios-ssn
445/tcp filtered microsoft-ds
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose|router|broadband router|WAP
Running (JUST GUESSING) : Microsoft Windows 2003 (94%), 3Com embedded (93%), Philips embedded (93%), SMC embedded (93%), T-Home embedded (93%), Sinus embedded (93%), Belkin embedded (93%)
Aggressive OS guesses: Microsoft Windows Server 2003 SP2 (94%), 3Com OfficeConnect 3CR858-91 router (93%), Philips CIA6720NB ADSL modem (93%), SMC SMCWBR14-G2 Barricade N WAP (93%), T-Home Speedport W 700V WAP (93%), 3Com OfficeConnect 3CRWDR100A-72 wireless ADSL modem (93%), Wireless broadband router (3Com OfficeConnect 3CRWDR100A-72, Philips SNB6500, Sinus 154, SMC SMCWEBT-G, or SMC SMCWBR14-G2) (93%), Belkin F5D8233 WAP (93%), Belkin F6D4630-4 v1 WAP (93%), Siemens Gigaset SE551 wireless broadband router (93%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 21 hops

OS detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 23.93 seconds

-- 
   // Bernie Innocenti - http://codewiz.org/
 \X/  Sugar Labs       - http://sugarlabs.org/
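
Added example (not part of the original message): a Python parser for the "Aggressive OS guesses" and warning lines of the nmap -O output above, reporting how far the top guess stands out from the runner-up. The function names, caveat labels and the min_margin cutoff are assumptions made for this example.

```python
import re

# Three lines copied from the scan output in the message above.
SCAN_OUTPUT = "\n".join([
    "Warning: OSScan results may be unreliable because we could not find "
    "at least 1 open and 1 closed port",
    "Aggressive OS guesses: Microsoft Windows Server 2003 SP2 (94%), "
    "3Com OfficeConnect 3CR858-91 router (93%), "
    "Philips CIA6720NB ADSL modem (93%), "
    "SMC SMCWBR14-G2 Barricade N WAP (93%), "
    "T-Home Speedport W 700V WAP (93%), "
    "3Com OfficeConnect 3CRWDR100A-72 wireless ADSL modem (93%), "
    "Wireless broadband router (3Com OfficeConnect 3CRWDR100A-72, "
    "Philips SNB6500, Sinus 154, SMC SMCWEBT-G, or SMC SMCWBR14-G2) (93%), "
    "Belkin F5D8233 WAP (93%), Belkin F6D4630-4 v1 WAP (93%), "
    "Siemens Gigaset SE551 wireless broadband router (93%)",
    "No exact OS matches for host (test conditions non-ideal).",
])

# Each guess is "<name> (NN%)". A name can contain commas and parentheses,
# so match lazily up to the first "(NN%)" that closes an item.
GUESS_RE = re.compile(r"(.+?) \((\d+)%\)(?:, |$)")

def parse_os_guesses(output):
    """Return (guesses, caveats) parsed from `nmap -O` text output."""
    guesses, caveats = [], []
    for line in output.splitlines():
        if line.startswith("Aggressive OS guesses: "):
            body = line.split(": ", 1)[1]
            guesses = [(name, int(pct)) for name, pct in GUESS_RE.findall(body)]
        elif line.startswith("Warning: OSScan results may be unreliable"):
            caveats.append("no open and closed port pair")
        elif line.startswith("No exact OS matches"):
            caveats.append("no exact match")
    return guesses, caveats

def assess(output, min_margin=5):
    """Report whether the top guess stands out (min_margin is an assumed cutoff)."""
    guesses, caveats = parse_os_guesses(output)
    ranked = sorted(guesses, key=lambda g: -g[1])
    margin = ranked[0][1] - ranked[1][1] if len(ranked) > 1 else None
    clear = bool(ranked) and (margin is None or margin >= min_margin)
    return {"top": ranked[0] if ranked else None, "margin": margin,
            "candidates": len(ranked), "caveats": caveats,
            "conclusive": clear and not caveats}

if __name__ == "__main__":
    print(assess(SCAN_OUTPUT))
```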


