[H-GEN] Router Intrusion?
Conor Cunningham
cunningtek at optusnet.com.au
Sun Oct 5 23:47:49 EDT 2003
[ Humbug *General* list - semi-serious discussions about Humbug and ]
[ Unix-related topics. Posts from non-subscribed addresses will vanish. ]
Hello All,
I have a sneaking suspicion the my router, running smoothwall GPL 1.0
patched to patch 5, (they are up to 8 I know), seems to be running really
oddly. I can't access the web remote admin service and the only services
that are open are the following (taken from NMAPWin).
Starting nmap V. 3.00 ( www.insecure.org/nmap )
Interesting ports on siphon (192.168.1.1):
(The 1599 ports scanned but not shown below are in state: closed)
Port State Service
53/tcp open domain
222/tcp open rsh-spx
Remote operating system guess: Linux 2.1.19 - 2.2.20
Uptime 12.115 days (since Wed Sep 24 10:53:39 2003)
Nmap run completed -- 1 IP address (1 host up) scanned in 5 seconds
Normally there are lots more, and I never recall using DNS on 53, actually
never recall using DNS at all. I have just done a reboot and the same scan
came up which is not right. I have read in the last week about some
vulnerabilities that I am assuming my Smoothie was vulnerable to.
I give my permission to people on this list to do a security scan on my
machine, if they think it would be of any use for informative purposes. I
am a bit lost at the moment, so any advice would be great.
My IP is 210.49.33.240.
Thanks again.
--
Regards,
Conor Cunningham
Managing Director
Cunningtek Technologies
ABN: 92 097 126 695
cunningtek at optushome.net.au
0411 545 998
DIGITAL FINGERPRINT
4E60 84BD 62A6 5527 F2A7 3F34 1B24 AB4A 25D6 E03B
--
* This is list (humbug) general handled by majordomo at lists.humbug.org.au .
* Postings to this list are only accepted from subscribed addresses of
* lists 'general' or 'general-post'. See http://www.humbug.org.au/
More information about the General
mailing list