Re: [Nolug] Discussion list for local security group reopened.

From: scotth_at_scottharney.com
Date: Tue, 13 Apr 2004 19:33:20 -0500
Message-ID: <87k70jo0tr.fsf@minorthreat.local.lan>

Ron Johnson <ron.l.johnson@cox.net> writes:

>> > http://www.br-issa.org
>>
>> Anybody know these guys?
>
> I don't know them, but I do know something:
> $ nmap www.br-issa.org|grep open
> 1/tcp open tcpmux
> 21/tcp open ftp
> 22/tcp open ssh
> 80/tcp open http
> 110/tcp open pop3
> 111/tcp open rpcbind <<<<<<<<<<<
> 143/tcp open imap <<<<<<<<<<<
> 465/tcp open smtps
> 993/tcp open imaps
> 995/tcp open pop3s
> 3306/tcp open mysql <<<<<<<<<<<
>
> These, of course, may not be security holes, but would make me
> worry.

They're not holes per se, but they might have holes in them. They're
using a hosting provider and those services are probably what they
offer. It's entirely possible that the IMAP service requires TLS and
thus would be encrypted. POP3 without encryption is no better, after
all. mysql can also be used with SSL. Now, leaving rpc open (for nfs?!)
is probably not a good idea; though portmap can typically be
controlled a bit with tcp-wrappers, I wouldn't leave it unblocked
to the net at large. As long as the hosting service keeps up with
recent security patches, runs some IDS and perhaps other countermeasures
at the edge and monitors them, and instructs their clients to
prefer the SSL/TLS-encrypted versions of protocols, they're doing
pretty well.

Here's more info:
$ dig www.br-issa.org

; <<>> DiG 9.2.3 <<>> www.br-issa.org
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14005
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.br-issa.org. IN A

;; ANSWER SECTION:
www.br-issa.org. 14134 IN CNAME br-issa.org.
br-issa.org. 14134 IN A 69.73.171.5

;; Query time: 17 msec
;; SERVER: 192.168.2.6#53(192.168.2.6)
;; WHEN: Tue Apr 13 19:30:00 2004
;; MSG SIZE rcvd: 63

$ whois 69.73.171.5
OrgName: Jaguar Technologies LLC
OrgID: JTL-8
Address: 4201 SW Freeway
City: Houston
StateProv: TX
PostalCode: 77478
Country: US

NetRange: 69.73.128.0 - 69.73.191.255
CIDR: 69.73.128.0/18
NetName: JAGUAR-TECHNOLOGIES-NOC
NetHandle: NET-69-73-128-0-1
Parent: NET-69-0-0-0-0
NetType: Direct Allocation
NameServer: NS.NOCDIRECT.COM
NameServer: NS2.NOCDIRECT.COM
Comment: NOCDIRECT
RegDate: 2003-11-05
Updated: 2003-11-05

AbuseHandle: ABUSE370-ARIN
AbuseName: Abuse
AbusePhone: +1-713-960-1502
AbuseEmail: abuse@jaguarpc.com

OrgTechHandle: GL538-ARIN
OrgTechName: Landis, Greg
OrgTechPhone: +1-832-279-5529
OrgTechEmail: admin@jaguarpc.net

# ARIN WHOIS database, last updated 2004-04-12 19:15
# Enter ? for additional hints on searching ARIN's WHOIS database.

Going to www.jaguarpc.com reveals a pretty straightforward web hosting
service.

-- 
Scott Harney<scotth@scottharney.com>
"Asking the wrong questions is the leading cause of wrong answers"
gpg key fingerprint=7125 0BD3 8EC4 08D7 321D CEE9 F024 7DA6 0BC7 94E5
___________________
Nolug mailing list
nolug@nolug.org
Received on 04/13/04
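The message above leaves open the question it raises: do the cleartext IMAP (143) and POP3 (110) ports actually accept a password in the clear, or do they insist on STARTTLS/STLS first? The script below is an added example, written for this archive page; it is not code from the thread or from any tool the poster used. It parses the kind of `nmap host | grep open` output quoted above, picks out the cleartext ports whose TLS twin is also open, and then judges a server's IMAP CAPABILITY (RFC 3501, RFC 2595) or POP3 CAPA (RFC 2449, RFC 2595) response: an IMAP server that requires TLS advertises LOGINDISABLED and no cleartext SASL mechanism before STARTTLS, and a POP3 server that requires TLS omits USER and offers no PLAIN/LOGIN mechanism before STLS. The host name `mail.example.org` is a placeholder, and the POP3 rule is a heuristic (a server may accept USER without advertising it), so a "requires TLS" verdict should be confirmed by attempting a login.

```python
"""Does a cleartext IMAP/POP3 port really allow cleartext logins?

Added example for illustration; not part of the original message or any
tool the poster used.  Host names are placeholders and the capability
lists in the docstrings are constructed samples.
"""
import socket
import sys


def parse_nmap_open(lines):
    """Turn 'PORT/tcp open SERVICE' lines (as from `nmap host | grep open`)
    into a {port: service} dict; other lines are ignored."""
    ports = {}
    for line in lines:
        fields = line.lstrip("> ").split()
        if len(fields) >= 3 and fields[1] == "open" and "/" in fields[0]:
            ports[int(fields[0].split("/")[0])] = fields[2]
    return ports


# Cleartext services that have a TLS-wrapped twin on a well-known port.
TLS_TWINS = {25: 465, 80: 443, 110: 995, 143: 993}


def cleartext_with_tls_twin(ports):
    """Cleartext ports that are open while their TLS twin is open too.
    These are the ones worth probing for STARTTLS/STLS enforcement."""
    return sorted(p for p, tls in TLS_TWINS.items() if p in ports and tls in ports)


def imap_allows_cleartext_login(capabilities):
    """RFC 3501: LOGINDISABLED means LOGIN is refused until STARTTLS.
    A cleartext SASL mechanism (AUTH=PLAIN / AUTH=LOGIN) advertised before
    STARTTLS still lets a password cross in the clear.
    `capabilities` is the token list after '* CAPABILITY'."""
    caps = {c.upper() for c in capabilities}
    if "AUTH=PLAIN" in caps or "AUTH=LOGIN" in caps:
        return True
    return "LOGINDISABLED" not in caps


def pop3_allows_cleartext_login(capabilities):
    """RFC 2449/2595 heuristic: before STLS, a TLS-requiring server omits
    USER and lists no PLAIN/LOGIN SASL mechanism.  `capabilities` is the
    list of CAPA response lines without the '+OK' and the final '.'."""
    for line in capabilities:
        words = line.upper().split()
        if not words:
            continue
        if words[0] == "USER":
            return True
        if words[0] == "SASL" and ({"PLAIN", "LOGIN"} & set(words[1:])):
            return True
    return False  # looks like TLS is required; confirm with a real login attempt


def probe(host, port, timeout=5.0):
    """Fetch the capability list from a live IMAP (143) or POP3 (110)
    server and report whether a cleartext login looks possible.
    Talks to the network, so it is not exercised by the offline checks."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        rw = sock.makefile("rwb")
        rw.readline()  # greeting (IMAP greetings may carry CAPABILITY too)
        if port == 143:
            rw.write(b"a1 CAPABILITY\r\n")
            rw.flush()
            caps = []
            while True:
                line = rw.readline().decode("ascii", "replace").rstrip("\r\n")
                if line.startswith("a1 ") or not line:
                    break
                if line.upper().startswith("* CAPABILITY"):
                    caps = line.split()[2:]
            return imap_allows_cleartext_login(caps)
        rw.write(b"CAPA\r\n")
        rw.flush()
        if not rw.readline().startswith(b"+OK"):
            return True  # pre-CAPA server: assume plain USER/PASS works
        lines = []
        while True:
            line = rw.readline().decode("ascii", "replace").rstrip("\r\n")
            if line == "." or not line:
                break
            lines.append(line)
        return pop3_allows_cleartext_login(lines)


if __name__ == "__main__":
    # Usage: python check_mail_tls.py mail.example.org < nmap_open_lines.txt
    host = sys.argv[1] if len(sys.argv) > 1 else "mail.example.org"
    open_ports = parse_nmap_open(sys.stdin.read().splitlines())
    for port in cleartext_with_tls_twin(open_ports):
        if port in (110, 143):
            verdict = "ALLOWS cleartext login" if probe(host, port) else "requires TLS first"
            print(f"{host}:{port} ({open_ports[port]}): {verdict}")
```

Feed it the quoted nmap output on stdin and it will probe only 110 and 143, the two cleartext mail ports whose TLS twins (995, 993) are also open; 21 (ftp), 111 (rpcbind) and 3306 (mysql) have no such twin and need a different check.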

This archive was generated by hypermail 2.2.0 : 12/19/08 EST