Kalos
19-10-2002, 23:51
Bilancino Help.
Bilancino, you answered me on another forum, remember? Following your suggestion, I created a new rule in the firewall to close all the UDP ports that the scan found open.
Having done that, I went back to the site and the result was "all ports are closed".
After a whole day of browsing, posting, and downloading over P2P, I ran the test again and, surprise, take a look:
FTP DATA 20 OPEN Used by FTP for data transmission in Passive mode.
FTP 21 OPEN File Transfer Protocol is used to transfer files between computers. A misconfigured FTP server can allow an attacker to transfer files, Trojan horses, and virus programs at will.
SSH 22 OPEN Secure Shell, a encrypted type of Telnet. If misconfigured it can allow for brute-force attacks on your administration account.
TELNET 23 OPEN Telnet is used to remotely create a shell (dos prompt), this can allow an attacker to control your system as if he was sitting in front of it.
SMTP 25 OPEN SMTP is used to send email across the internet. This allows an attacker to verify user accounts on your system, send anonymous (spam) email, or even access files on your hard drive.
DNS 53 OPEN Domain Name Services are used to resolve host names to IP addresses.
DCC 59 OPEN Used mainly by file transfer and chat programs.
DHCP SERVER 67 OPEN none
FINGER 79 OPEN Finger offers information about who is currently logged in to your computer.
WEB 80 OPEN HTTP web services publish web pages. A misconfigured web server can not only offer an attacker needed information about his target, but it can allow for various security breaches.
POP3 110 OPEN Post Office Protocol is used to receive email. It can be used by attackers to create fake email addresses, execute programs, and even intercept your private email.
SUNRPC 111 OPEN Often used by SUN and Unix machines for Remote Procedure Calls.
IDENT 113 OPEN Ident is often used for IRC (chat), but also provides information about your system and who is using it.
Location Service 135 OPEN Microsoft relies upon DCE Locator service (RPC) to remotely manage services like DHCP server, DNS server and WINS server.
NetBIOS-NS 137 OPEN Windows/Samba file and print sharing.
NetBIOS-DGM 138 OPEN Windows/Samba file and print sharing.
NetBIOS 139 OPEN NetBios is used to share files through your Network Neighborhood. If you are connected to the internet with this open, you could be sharing your whole hard drive with the world! This is a very dangerous port to have open.
HTTPS 443 OPEN Secure Web Servers are often used by banks and online vendors.
Server Message Block 445 OPEN In Windows 2000, Microsoft added the possibility to run SMB directly over TCP/IP, without the extra layer of NBT.
SOCKS PROXY 1080 OPEN Socks Proxy is an internet proxy service, many IRC servers will not allow you to log in if you are running an unsecured socks proxy.
UPnP 1900 OPEN This is the port used by Universal Plug and Play (UPnP). If this port is open anyone on the Internet may be able to
WEB PROXY 8080 OPEN HTTP Web Proxy allows other people to bounce their web browser off of your computer to fake their real IP address to web servers.
Results from UDP scan of commonly used trojans at IP address:
Service Ports Status Possible Trojan
Trojan 6776 OPEN BackDoor-G, SubSeven
Trojan 12345 OPEN GabanBus, NetBus, Pie Bill Gates, X-bill
Trojan 20034 OPEN NetBus 2 Pro
Trojan 31337 OPEN Baron Night, BO client, BO2, Bo Facil, BackFire, Back Orifice, DeepBO
Trojan 54320 OPEN Back Orifice 2000
Trojan 54321 OPEN School Bus, Back Orifice 2000
What should I do????? :confused:
<>Au rEvOiR<>