Message-ID: <1075319976.13432.740.camel@localhost>
From: dan at losangelescomputerhelp.com (Daniel H. Renner)
Subject: Port scans from a Dedicated Micro Digital Sprite II

A client of ours had a Dedicated Micro Digital Sprite II multiple camera
monitor with web server system installed.  Manufacturer product details
are here:
http://dedicatedmicros.com/dedicatedmicros/product/ds2/ds2_main.html

The unit's setup was changed from the original as below to as follows in
an attempt to remove the router from the equation:
Internet --- DSL modem --- switch --- DS2 with public IP

Concurrent with EVERY attempt to access the DS2, a port scan was
initiated from the DS2's address at the visiting address, and this can
be reproduced at will.  For scan logs, see original email to vendor
below.  (Public IPs modified.)

The emails which follow this bit of rambling were sent to the correct
tech support email address per the support webpage:
http://dedicatedmicros.com/dedicatedmicros/support/supindex.html
with the address of:
ussupport@...cros.com
On 21 Jan 2004 11:56:49 and again on 25 Jan 2004 22:58:45 with no
response whatsoever.


Cheers,
Dan Renner


-----Forwarded Message-----

From: Daniel H. Renner <dan@...angelescomputerhelp.com>
To: ussupport@...cros.com
Subject: [Fwd: Port scans from a DS2]
Date: 25 Jan 2004 22:58:45 -0800

I have received no answer whatsoever on this email - this is not exactly
professional treatment.

Would you please tell me what is going on and why I should be receiving
port scans from this device?


-- 


Thank you,

Dan Renner
President
Los Angeles Computerhelp
http://losangelescomputerhelp.com
818.352.8700

-----Forwarded Message-----

From: Daniel H. Renner <dan@...angelescomputerhelp.com>
To: ussupport@...cros.com
Subject: Port scans from a DS2
Date: 21 Jan 2004 11:56:49 -0800

Hello,

One of our clients has had your Digital Sprite 2 installed and we have
connected it to the network for the owner's remote viewing.

In our testing of the setup, we noticed that the unit was port-scanning
our location during the connection.  Full firewall IDS log entries
during the affected time follow.

EVERY SINGLE ONE of the portscans was from the IP address of the DS2.

And EVERY SINGLE ONE of the port-scans was immediately after connection
to the DS2.

The network layout is as follows:
Internet  -->  hardware router (TCP 80 port-forwarded to DS2) --> DS2

What the heck is going on here!?

Also, once one is logged into the server, one is logged in forever, even
after reboot there is no login required...  That doesn't seem too
healthy if the owner wants to check from an Internet cafe...


-- 


Thank you,

Dan Renner
President
Los Angeles Computerhelp
http://losangelescomputerhelp.com
818.352.8700


Date:	01/21 12:15:25 	Name:	(spp_portscan2) Portscan detected from
xxx.xxx.xxx.xxx: 1 targets 21 ports in 31 seconds
Priority:	n/a 	Type:	n/a
IP info: 	xxx.xxx.xxx.xxx:80 -> xxx.xxx.xxx.xxx:1614
References:	none found	SID: 	n/a

Date:	01/21 12:15:35 	Name:	(spp_portscan2) Portscan detected from
xxx.xxx.xxx.xxx: 1 targets 21 ports in 5 seconds
Priority:	n/a 	Type:	n/a
IP info: 	xxx.xxx.xxx.xxx:80 -> xxx.xxx.xxx.xxx:1647
References:	none found	SID: 	n/a

Date:	01/21 12:18:21 	Name:	(spp_portscan2) Portscan detected from
xxx.xxx.xxx.xxx: 1 targets 21 ports in 11 seconds
Priority:	n/a 	Type:	n/a
IP info: 	xxx.xxx.xxx.xxx:80 -> xxx.xxx.xxx.xxx:1690
References:	none found	SID: 	n/a

Date:	01/21 12:19:39 	Name:	(spp_portscan2) Portscan detected from
xxx.xxx.xxx.xxx: 1 targets 21 ports in 28 seconds
Priority:	n/a 	Type:	n/a
IP info: 	xxx.xxx.xxx.xxx:80 -> xxx.xxx.xxx.xxx:1757
References:	none found	SID: 	n/a

Date:	01/21 12:23:40 	Name:	(spp_portscan2) Portscan detected from
xxx.xxx.xxx.xxx: 1 targets 21 ports in 24 seconds
Priority:	n/a 	Type:	n/a
IP info: 	xxx.xxx.xxx.xxx:80 -> xxx.xxx.xxx.xxx:1790
References:	none found	SID: 	n/a

Date:	01/21 12:24:51 	Name:	(spp_portscan2) Portscan detected from
xxx.xxx.xxx.xxx: 1 targets 21 ports in 6 seconds
Priority:	n/a 	Type:	n/a
IP info: 	xxx.xxx.xxx.xxx:80 -> xxx.xxx.xxx.xxx:1876
References:	none found	SID: 	n/a

Date:	01/21 12:25:46 	Name:	ICMP PING CyberKit 2.2 Windows
Priority:	3 	Type:	Misc activity
IP info: 	4.60.201.59:n/a -> xxx.xxx.xxx.xxx:n/a
References:	none found	SID: 	483

Date:	01/21 12:25:55 	Name:	ICMP PING CyberKit 2.2 Windows
Priority:	3 	Type:	Misc activity
IP info: 	4.63.151.175:n/a -> xxx.xxx.xxx.xxx:n/a
References:	none found	SID: 	483

Date:	01/21 12:25:58 	Name:	(spp_portscan2) Portscan detected from
xxx.xxx.xxx.xxx: 1 targets 21 ports in 13 seconds
Priority:	n/a 	Type:	n/a
IP info: 	xxx.xxx.xxx.xxx:80 -> xxx.xxx.xxx.xxx:1916
References:	none found	SID: 	n/a

Date:	01/21 12:26:41 	Name:	ICMP PING CyberKit 2.2 Windows
Priority:	3 	Type:	Misc activity
IP info: 	4.63.99.139:n/a -> xxx.xxx.xxx.xxx:n/a
References:	none found	SID: 	483

Date:	01/21 12:27:17 	Name:	(spp_portscan2) Portscan detected from
xxx.xxx.xxx.xxx: 1 targets 21 ports in 22 seconds
Priority:	n/a 	Type:	n/a
IP info: 	xxx.xxx.xxx.xxx:80 -> xxx.xxx.xxx.xxx:2026
References:	none found	SID: 	n/a

Date:	01/21 12:27:54 	Name:	ICMP PING CyberKit 2.2 Windows
Priority:	3 	Type:	Misc activity
IP info: 	4.60.61.255:n/a -> xxx.xxx.xxx.xxx:n/a
References:	none found	SID: 	483

Date:	01/21 12:28:28 	Name:	ICMP PING CyberKit 2.2 Windows
Priority:	3 	Type:	Misc activity
IP info: 	4.60.125.230:n/a -> xxx.xxx.xxx.xxx:n/a
References:	none found	SID: 	483

Date:	01/21 12:29:05 	Name:	ICMP PING CyberKit 2.2 Windows
Priority:	3 	Type:	Misc activity
IP info: 	4.65.254.95:n/a -> xxx.xxx.xxx.xxx:n/a
References:	none found	SID: 	483

Date:	01/21 12:31:11 	Name:	ICMP PING CyberKit 2.2 Windows
Priority:	3 	Type:	Misc activity
IP info: 	4.62.214.48:n/a -> xxx.xxx.xxx.xxx:n/a
References:	none found	SID: 	483

Date:	01/21 12:32:03 	Name:	(spp_portscan2) Portscan detected from
xxx.xxx.xxx.xxx: 1 targets 21 ports in 4 seconds
Priority:	n/a 	Type:	n/a
IP info: 	xxx.xxx.xxx.xxx:80 -> xxx.xxx.xxx.xxx:2124
References:	none found	SID: 	n/a

Date:	01/21 12:32:13 	Name:	(spp_portscan2) Portscan detected from
xxx.xxx.xxx.xxx: 1 targets 21 ports in 2 seconds
Priority:	n/a 	Type:	n/a
IP info: 	xxx.xxx.xxx.xxx:80 -> xxx.xxx.xxx.xxx:2154
References:	none found	SID: 	n/a
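
Added example (not part of the original post or any vendor code): a Python triage pass over alerts in the layout above. It separates portscan alerts whose source is a service port and whose destination is a high client port, the shape a web server's replies take when a client opens many connections, from alerts that do not fit that shape. The sample records, the `service_ports` set and the `client_min` threshold are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample in the alert layout of the log above. Addresses are
# documentation-range placeholders; the third record is invented for contrast.
SAMPLE = """\
Date: 01/21 12:15:25  Name: (spp_portscan2) Portscan detected from
192.0.2.10: 1 targets 21 ports in 31 seconds
Priority: n/a  Type: n/a
IP info:  192.0.2.10:80 -> 198.51.100.7:1614
References: none found SID: n/a

Date: 01/21 12:25:46  Name: ICMP PING CyberKit 2.2 Windows
Priority: 3  Type: Misc activity
IP info:  203.0.113.59:n/a -> 198.51.100.7:n/a
References: none found SID: 483

Date: 01/21 12:40:02  Name: (spp_portscan2) Portscan detected from
203.0.113.77: 1 targets 21 ports in 3 seconds
Priority: n/a  Type: n/a
IP info:  203.0.113.77:40112 -> 198.51.100.7:22
References: none found SID: n/a
"""

RECORD = re.compile(
    r"Date:\s*(?P<date>\S+ \S+)\s+Name:\s*(?P<name>.*?)\s*Priority:.*?"
    r"IP info:\s*(?P<src>[\dx.]+):(?P<sport>\S+) -> (?P<dst>[\dx.]+):(?P<dport>\S+)",
    re.S)

def parse_alerts(text):
    """Split on blank lines and parse each record; separators may be tabs."""
    alerts = []
    for block in re.split(r"\n\s*\n", text.strip()):
        m = RECORD.search(block)
        if m:
            alert = m.groupdict()
            alert["name"] = " ".join(alert["name"].split())  # undo mail wrap
            alerts.append(alert)
    return alerts

def triage(alert, service_ports=frozenset({80, 443}), client_min=1024):
    """reply-pattern: service port -> high port, like a server answering a client."""
    if "portscan" not in alert["name"].lower():
        return "other"
    sport, dport = alert["sport"], alert["dport"]
    if sport.isdigit() and dport.isdigit():
        if int(sport) in service_ports and int(dport) >= client_min:
            return "reply-pattern"
    return "scan-candidate"

def summarize(text):
    return Counter(triage(a) for a in parse_alerts(text))
```

A `reply-pattern` label only says the alert is consistent with return traffic; confirming it needs a packet capture showing which side sent the SYNs.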


