Log_File

2002

Date: Tue, 7 May 2002 16:46:31 +0200
From: Florian Cramer <cantsin@zedat.fu-berlin.de>
To: Nettime <nettime-l@bbs.thing.net>

On Tue, 07.May.2002 at 13:14:24 +0200x, knowbotic.research wrote:
>
> In the project, we are using non-invasive SECURITY scanning tools, which
> systems administrators alike use in order to detect security holes on the
>
All 1549 scanned ports on (209.73.19.97) are: UNfiltered


Interesting ports on (209.73.19.97):
(The 1542 ports scanned but not shown below are in state: closed)
Port State Service
22/tcp open ssh
80/tcp open http
111/tcp open sunrpc
443/tcp open https
901/tcp open samba-swat
3306/tcp open mysql
6000/tcp open X11

+ unitedwehack.ath.cx :
. List of open ports :
o general/tcp (Security warnings found)
o general/udp (Security notes found)
o unknown (32768/tcp) (Security warnings found)
o general/icmp (Security warnings found)


. Warning found on port general/tcp


Microsoft Windows 95 and 98 clients have the ability
to bind multiple TCP/IP stacks on the same MAC address,
simply by having the protocol addded more than once
in the Network Control panel.

The remote host has several TCP/IP stacks with the
same IP binded on the same MAC adress. As a result,
it will reply several times to the same packets,
such as by sending multiple ACK to a single SYN,
creating noise on your network. If several hosts
behave the same way, then your network will be brought
down.

Solution : remove all the IP stacks except one in the remote
host
Risk factor :
Medium

. Warning found on port general/tcp


The remote host uses non-random IP IDs, that is, it is
possible to predict the next value of the ip_id field of
the ip packets sent by this host.

An attacker may use this feature to determine if the remote
host sent a packet in reply to another request. This may be
used for portscanning and other things.

Solution : Contact your vendor for a patch
Risk factor :
Low

. Information found on port general/udp

For your information, here is the traceroute to 209.73.19.97 :
160.45.155.1
130.133.98.2
188.1.33.33
188.1.20.5
188.1.18.110
134.222.130.229
134.222.231.5
134.222.230.17
134.222.230.6
134.222.229.238
134.222.229.234
205.171.30.145
205.171.230.22
205.171.30.86
205.171.62.2
206.252.135.2
209.73.19.65
209.73.19.97

. Warning found on port unknown (32768/tcp)

The fam RPC service is running.
Several versions of this service have
a well-known buffer oveflow condition
that allows intruders to execute
arbitrary commands as root on this system.

Solution : disable this service in /etc/inetd.conf
More information :
http://www.nai.com/nai_labs/asp_set/advisory/16_fam_adv.asp
Risk factor : High
CVE : CVE-1999-0059

. Warning found on port general/icmp

The remote host answers to an ICMP timestamp
request. This allows an attacker to know the
date which is set on your machine.

This may help him to defeat all your
time based authentifications protocols.

Solution : filter out the icmp timestamp
requests (13), and the outgoing icmp
timestamp replies (14).

Risk factor : Low
CVE : CAN-1999-0524

Florian
