Message-ID: <004301c34d92$6a3380b0$0300a8c0@bzdrnja>
From: Bojan.Zdrnja at LSS.hr (Bojan Zdrnja)
Subject: Odd Behavior - Windows Messenger Service
> -----Original Message-----
> From: Knud Erik Højgaard [mailto:kain@...op.dk]
> Sent: Saturday, 19 July 2003 1:09 p.m.
> To: Bojan.Zdrnja@....hr; full-disclosure@...ts.netsys.com
> Subject: Re: [Full-Disclosure] Odd Behavior - Windows
> Messenger Service
>
>
> Bojan Zdrnja wrote:
>
> > Ok, now take your slackware box, do a default installation on it,
> > connect it to the network and then do nmap scan on it from a remote
> > box.
>
> hack.dtors.net runs that stuff,
> toor@bob:~$ netstat -an | grep -i list
> tcp 0 0 0.0.0.0:37 0.0.0.0:* LISTEN
> tcp 0 0 0.0.0.0:587 0.0.0.0:* LISTEN
> tcp 0 0 0.0.0.0:79 0.0.0.0:* LISTEN
> tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN
> tcp 0 0 0.0.0.0:113 0.0.0.0:* LISTEN
> tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN
> tcp 0 0 0.0.0.0:6969 0.0.0.0:* LISTEN
> tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN
> unix 2 [ ACC ] STREAM LISTENING 75677
> /tmp/ssh-qIFD2161/agent.2161
> unix 2 [ ACC ] STREAM LISTENING 422 /dev/gpmctl
> toor@bob:~$ cat /etc/*ver*
> news.my_news_server.com
> Slackware 9.0.0
> toor@bob:~$
>
> The webserver seems to be gone, but as you can see the login is toor, the
> password is left as an exercise to the reader at the moment. Have your way
> with it, it's a def. install.

Thanks for this Knud.

So, Mr. Donnie, with your default installation Slackware box, you certainly
won't get pop-up spam, but if your ftp server has a bug or SMTP server is
misconfigured (allowing relay), you might find various things, *when* you log
in. Or with any other services which we can see there (finger, ident and oh
look portmapper).

Look how many services are started, *before* you login and while your
Slackware box is sitting at login prompt.

Conclusion? Every "modern" OS will by default start various services. It's
up to the user to shut them down and disable them.

I don't see a reason on bashing WinXP for starting an RPC service
automatically when absolutely everything does that (don't mention obsolete
OSes please).

Bojan Zdrnja
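
Added example, not part of the original message or thread: a small audit of `netstat -an` output that lists TCP services listening on non-loopback addresses and reports those outside an allowed set. The function names, the port-to-service table and the allow-list `{25}` are assumptions made for illustration; the sample lines are taken from the netstat output quoted in the message.

```python
# Added example: audit `netstat -an` output for network-reachable TCP listeners.

# TCP lines copied from the netstat output quoted in the message above,
# plus one of its unix-socket lines to show that those are skipped.
SAMPLE = """\
tcp 0 0 0.0.0.0:37 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:587 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:79 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:113 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:6969 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN
unix 2 [ ACC ] STREAM LISTENING 422 /dev/gpmctl
"""

# Conventional names for well-known ports (illustrative table, not exhaustive).
# Ports without an entry, such as 6969 here, are reported as "unknown".
SERVICES = {21: "ftp", 25: "smtp", 37: "time", 79: "finger",
            111: "portmapper", 113: "ident", 587: "submission"}


def exposed_listeners(netstat_text):
    """Return sorted (port, service) pairs for TCP sockets in LISTEN state
    that are bound to anything other than a loopback address."""
    found = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        # Linux netstat -an: proto recv-q send-q local foreign state
        if len(fields) < 6 or not fields[0].startswith("tcp"):
            continue
        if fields[5] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")
        if not port.isdigit():
            continue
        if addr.startswith("127.") or addr == "::1":
            continue  # loopback-only listeners are not reachable remotely
        found.add((int(port), SERVICES.get(int(port), "unknown")))
    return sorted(found)


def unexpected(netstat_text, allowed_ports):
    """Listeners whose port is not in the allow-list (hypothetical policy)."""
    return [(p, s) for p, s in exposed_listeners(netstat_text)
            if p not in allowed_ports]


if __name__ == "__main__":
    for port, service in unexpected(SAMPLE, allowed_ports={25}):
        print(f"{port}/tcp  {service}")
```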