[FoRK] FoRK Orphans

Joseph S. Barrera III joe at barrera.org
Sat Mar 9 18:10:21 PST 2013


On 3/9/2013 5:20 PM, Stephen Williams wrote:

 > But look at the following.  Is the server dual-homed, or did someone forget to remove a zone line?

I think it's the latter. Running nmap -O on both addresses gives 
different uptimes, etc.

(pcds107./dev/shm)# nmap -O xent.com
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-03-09 18:05 PST
Interesting ports on xent.com (69.55.232.243):
Not shown: 1666 closed ports
PORT     STATE    SERVICE
22/tcp   open     ssh
25/tcp   open     smtp
80/tcp   open     http
135/tcp  filtered msrpc
136/tcp  filtered profile
137/tcp  filtered netbios-ns
138/tcp  filtered netbios-dgm
139/tcp  filtered netbios-ssn
445/tcp  filtered microsoft-ds
587/tcp  open     submission
593/tcp  filtered http-rpc-epmap
993/tcp  open     imaps
8080/tcp open     http-proxy
8443/tcp open     https-alt
No exact OS matches for host (If you know what OS is running on it, see 
http://www.insecure.org/cgi-bin/nmap-submit.cgi).
TCP/IP fingerprint:
SInfo(V=4.11%P=x86_64-redhat-linux-gnu%D=3/9%Tm=513BEA5B%O=22%C=1)
TSeq(Class=RI%gcd=1%SI=410728%IPID=Z%TS=1000HZ)
TSeq(Class=RI%gcd=1%SI=410865%IPID=Z%TS=1000HZ)
TSeq(Class=RI%gcd=1%SI=410498%IPID=Z%TS=1000HZ)
T1(Resp=Y%DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)
T2(Resp=N)
T3(Resp=N)
T4(Resp=Y%DF=Y%W=0%ACK=O%Flags=R%Ops=)
T5(Resp=Y%DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
T6(Resp=Y%DF=Y%W=0%ACK=O%Flags=R%Ops=)
T7(Resp=Y%DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
PU(Resp=Y%DF=N%TOS=0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
Uptime 42.582 days (since Sat Jan 26 04:06:49 2013)
Nmap finished: 1 IP address (1 host up) scanned in 13.590 seconds

(pcds107./tmp)# nmap -O www.xent.com
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-03-09 18:05 PST
Warning: Hostname www.xent.com resolves to 2 IPs. Using 66.96.163.141.
Interesting ports on 141.163.96.66.static.eigbox.net (66.96.163.141):
Not shown: 1021 filtered ports, 648 closed ports
PORT     STATE SERVICE
21/tcp   open  ftp
25/tcp   open  smtp
80/tcp   open  http
110/tcp  open  pop3
143/tcp  open  imap
443/tcp  open  https
465/tcp  open  smtps
587/tcp  open  submission
993/tcp  open  imaps
995/tcp  open  pop3s
8080/tcp open  http-proxy
No OS matches for host (If you know what OS is running on it, see 
http://www.insecure.org/cgi-bin/nmap-submit.cgi).
TCP/IP fingerprint:
SInfo(V=4.11%P=x86_64-redhat-linux-gnu%D=3/9%Tm=513BEA74%O=21%C=20)
TSeq(Class=TR%IPID=RD%TS=1000HZ)
T1(Resp=Y%DF=Y%W=31B%ACK=S++%Flags=AS%Ops=MNWNNT)
T2(Resp=Y%DF=Y%W=0%ACK=S%Flags=AR%Ops=)
T3(Resp=N)
T4(Resp=Y%DF=Y%W=0%ACK=S%Flags=AR%Ops=)
T5(Resp=Y%DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
T6(Resp=Y%DF=Y%W=0%ACK=S%Flags=AR%Ops=)
T7(Resp=Y%DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
PU(Resp=N)
Uptime 15.931 days (since Thu Feb 21 19:44:28 2013)
Nmap finished: 1 IP address (1 host up) scanned in 16.598 seconds
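
The comparison made in the message above, as an added example that is not part of the original post: it reads the Uptime line and the open ports from two nmap -O outputs and checks whether the estimated boot times agree. The sample text is trimmed from the two scans above; parse_scan, compare and the 30-minute tolerance are assumptions of this example.

```python
import re
from datetime import datetime, timedelta

# Constructed samples: the two scans from the post, trimmed to the lines the parser reads.
SCAN_A = """\
Interesting ports on xent.com (69.55.232.243):
22/tcp   open     ssh
25/tcp   open     smtp
80/tcp   open     http
135/tcp  filtered msrpc
8443/tcp open     https-alt
Uptime 42.582 days (since Sat Jan 26 04:06:49 2013)
"""
SCAN_B = """\
Interesting ports on 141.163.96.66.static.eigbox.net (66.96.163.141):
21/tcp   open  ftp
25/tcp   open  smtp
80/tcp   open  http
443/tcp  open  https
Uptime 15.931 days (since Thu Feb 21 19:44:28 2013)
"""

def parse_scan(text):
    """Pull the address, open TCP ports and estimated boot time out of one scan."""
    addr = re.search(r"Interesting ports on .*\((\d+(?:\.\d+){3})\):", text)
    boot = re.search(r"^Uptime [\d.]+ days \(since (.+?)\)", text, re.M)
    ports = {int(p) for p in re.findall(r"^(\d+)/tcp\s+open\s", text, re.M)}
    return {
        "addr": addr.group(1) if addr else None,
        # The Uptime line is not always present in a scan, so treat it as optional.
        "boot": datetime.strptime(boot.group(1), "%a %b %d %H:%M:%S %Y") if boot else None,
        "open": ports,
    }

def compare(a, b, tolerance=timedelta(minutes=30)):
    """Return (same_host_plausible, boot_delta, ports_only_a, ports_only_b)."""
    # The uptime is an estimate, so boot times are compared within a tolerance
    # (30 minutes is an assumed value). Port differences are reported as supporting
    # evidence only: one host can filter each of its interfaces differently.
    delta = abs(a["boot"] - b["boot"]) if a["boot"] and b["boot"] else None
    same = delta is not None and delta <= tolerance
    return same, delta, sorted(a["open"] - b["open"]), sorted(b["open"] - a["open"])

if __name__ == "__main__":
    a, b = parse_scan(SCAN_A), parse_scan(SCAN_B)
    same, delta, only_a, only_b = compare(a, b)
    print(f"{a['addr']} vs {b['addr']}: boot delta {delta}, same host plausible: {same}")
    print(f"open only on first: {only_a}; open only on second: {only_b}")
```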


