[47967] in North American Network Operators' Group

Re: Re[2]: "portscans" (was Re: Arbor Networks DoS defense product)

daemon@ATHENA.MIT.EDU (Ralph Doncaster)
Sun May 19 12:33:02 2002

Date: Sun, 19 May 2002 12:33:32 -0400 (EDT)
From: Ralph Doncaster <ralph@istop.com>
To: JC Dill <nanog@vo.cnchost.com>
Cc: "nanog@merit.edu" <nanog@merit.edu>
In-Reply-To: <5.0.0.25.2.20020519081656.0392d250@pop3.vo.cnchost.com>
Message-ID: <Pine.LNX.4.21.0205191228070.3080-100000@cpu1693.adsl.bellglobal.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Errors-To: owner-nanog-outgoing@merit.edu


> <http://uptime.netcraft.com/up/graph/?mode_u=off&mode_w=on&site=www.cnn.com>
> 
> Works for me, works from any system that has a browser.  At any given time 
> I'm *far* more likely to have a browser running than port scanning 
> software, so this solution is also IMHO faster.

Until today netcraft listed agamemnon.cnchost.com as unknown.
I ran nmap to see what it says, so I guess you should assume I'm
hostile. ;-)

Interesting ports on agamemnon.cnchost.com (207.155.252.31):
(The 1519 ports scanned but not shown below are in state: closed)
Port       State       Service
21/tcp     open        ftp                     
25/tcp     open        smtp                    
80/tcp     open        http                    
110/tcp    open        pop-3                   

TCP Sequence Prediction: Class=truly random
                         Difficulty=9999999 (Good luck!)
No OS matches for host (If you know what OS is running on it, see
http://www.insecure.org/cgi-bin/nmap-submit.cgi).
TCP/IP fingerprint:
TSeq(Class=TR)
T1(Resp=Y%DF=Y%W=6045%ACK=S++%Flags=AS%Ops=NWM)
T2(Resp=N)
T3(Resp=N)
T4(Resp=Y%DF=Y%W=0%ACK=O%Flags=R%Ops=)
T5(Resp=Y%DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
T6(Resp=Y%DF=Y%W=0%ACK=O%Flags=R%Ops=)
T7(Resp=Y%DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
PU(Resp=N)


