Good afternoon, friends.
I would like you to assess whether my concern about a device found on the network I use is warranted.
The command used was nmap, and the services it reported are shown below.
Nmap scan report for ...
Host is up (0.36s latency).
Not shown: 983 filtered ports
PORT STATE SERVICE
106/tcp closed pop3pw
179/tcp closed bgp
1192/tcp closed caids-sensor
1236/tcp closed bvcontrol
1300/tcp closed h323hostcallsc
2045/tcp closed cdfunc
2065/tcp closed dlsrpn
3889/tcp closed dandv-tester
3995/tcp closed iss-mgmt-ssl
4001/tcp closed newoak
6156/tcp closed unknown
6667/tcp closed irc
6969/tcp closed acmsoda
8652/tcp closed unknown
9000/tcp closed cslistener
10004/tcp closed emcrmirccd
32774/tcp closed sometimes-rpc11
MAC Address: EE:99:A4:D3:82:69 (Unknown)
--
Regards,
Luiz Carlos Proenca Gil
Hello!
I recommend running nmap against all TCP and UDP ports; here is an example:
# nmap -p 0-65535 192.168.0.1
Starting Nmap 7.80 ( https://nmap.org ) at 2021-02-15 14:22 -03
Nmap scan report for 192.168.0.1
Host is up (0.0034s latency).
Not shown: 65533 filtered ports
PORT STATE SERVICE
80/tcp open http
1900/tcp closed upnp
1910/tcp closed ultrabac
Nmap done: 1 IP address (1 host up) scanned in 110.45 seconds
Here you can see that, of all the TCP ports, only 3 responded; of these, one (80) responded OK and two responded negatively, that is, they are open and have software listening on them, but each one refused nmap's connection.
For UDP:
# nmap -sU -p 0-65535 192.168.0.1
Starting Nmap 7.80 ( https://nmap.org ) at 2021-02-15 14:31 -03
Nmap scan report for 192.168.0.1
Host is up (0.0018s latency).
Not shown: 65527 open|filtered ports
PORT STATE SERVICE
67/udp closed dhcps
1017/udp closed unknown
1060/udp closed polestar
1061/udp closed kiosk
1062/udp closed veracity
1063/udp closed kyoceranetdev
1064/udp closed jstel
1900/udp closed upnp
17185/udp closed wdbrpc
MAC Address: 00:01:02:03:07:06 (Tp-link Technologies)
Nmap done: 1 IP address (1 host up) scanned in 153.28 seconds
Here you can see that, of all the UDP ports, only 9 responded negatively, that is, they are open and have software listening on them, but each one refused nmap's connection.
Now, if it is a suspicious device, put it on a separate network (a VLAN, for example) and monitor/control all traffic to it.
--
[]'s
Junior Polegato
On 15/02/2021 13:01, luiz gil wrote:
Good afternoon, friends.
I would like you to assess whether my concern about a device found on the network I use is warranted.
The command used was nmap, and the services it reported are shown below.
Nmap scan report for ...
Host is up (0.36s latency).
Not shown: 983 filtered ports
PORT STATE SERVICE
106/tcp closed pop3pw
179/tcp closed bgp
1192/tcp closed caids-sensor
1236/tcp closed bvcontrol
1300/tcp closed h323hostcallsc
2045/tcp closed cdfunc
2065/tcp closed dlsrpn
3889/tcp closed dandv-tester
3995/tcp closed iss-mgmt-ssl
4001/tcp closed newoak
6156/tcp closed unknown
6667/tcp closed irc
6969/tcp closed acmsoda
8652/tcp closed unknown
9000/tcp closed cslistener
10004/tcp closed emcrmirccd
32774/tcp closed sometimes-rpc11
MAC Address: EE:99:A4:D3:82:69 (Unknown)
--
Regards,
Luiz Carlos Proenca Gil
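As an added example (not part of either message in this thread), the following Python sketch triages pasted nmap output like the scan above: it tallies ports per state, attaches the state definitions from the Nmap reference guide, and checks whether the reported MAC is a locally administered address. The names `summarize`, `STATE_MEANING` and `SAMPLE` are introduced here for illustration.

```python
import re
from collections import Counter

# Excerpt of the scan output from the first post (three port rows kept).
SAMPLE = """\
Host is up (0.36s latency).
Not shown: 983 filtered ports
PORT STATE SERVICE
106/tcp closed pop3pw
179/tcp closed bgp
6667/tcp closed irc
MAC Address: EE:99:A4:D3:82:69 (Unknown)
"""

# Port states as defined in the Nmap reference guide.
STATE_MEANING = {
    "open": "an application is accepting connections",
    "closed": "host answered the probe, but no application is listening",
    "filtered": "probes got no usable reply; a packet filter is likely",
    "open|filtered": "no reply; open and filtered cannot be told apart",
}

PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)$")
HIDDEN_RE = re.compile(r"^Not shown: (\d+) (\S+) (?:tcp |udp )?ports")
MAC_RE = re.compile(r"^MAC Address: ([0-9A-Fa-f:]{17}) \((.*)\)$")

def summarize(text):
    """Return per-state port counts, listed ports and MAC flags."""
    states, ports, mac = Counter(), [], None
    for line in text.splitlines():
        line = line.strip()
        if m := PORT_RE.match(line):
            ports.append((int(m[1]), m[2], m[3], m[4]))
            states[m[3]] += 1
        elif m := HIDDEN_RE.match(line):
            states[m[2]] += int(m[1])  # ports nmap collapsed into one line
        elif m := MAC_RE.match(line):
            first = int(m[1][:2], 16)  # first octet carries the U/L and I/G bits
            mac = {"address": m[1], "vendor": m[2],
                   "locally_administered": bool(first & 0x02),
                   "multicast": bool(first & 0x01)}
    return {"states": dict(states), "ports": ports, "mac": mac}

if __name__ == "__main__":
    result = summarize(SAMPLE)
    for state, count in result["states"].items():
        print(f"{count:6d} {state:14s} {STATE_MEANING.get(state, 'unknown')}")
    print(result["mac"])
```

A locally administered address is not drawn from a vendor's assigned block, so the device cannot be identified by its MAC prefix; such addresses are typical of virtual interfaces and of clients using MAC randomization.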