public inbox for bitcoindev@googlegroups.com
From: "Warren Togami Jr." <wtogami@gmail•com>
To: Jonathan Wilkins <j@blockstream•com>
Cc: bitcoin-dev@lists•linuxfoundation.org
Subject: Re: [bitcoin-dev] That email was almost certainly not the real Satoshi
Date: Mon, 17 Aug 2015 11:54:04 -0700
Message-ID: <CAEz79Pq5Wt6ZOAhHxjhf_wSrdarVs5Yxtr7KTHXCssjJF-fQPg@mail.gmail.com>
In-Reply-To: <CAL0tybf2q=Mw8tmJFGJ+Y7n2vTi83XrMMOi2K0Bysr2KNaQtLg@mail.gmail.com>

Dude, while it does appear plausible that the box is insecure, is it truly
warranted to jump to any particular conclusion from that alone?

What if all the open ports are just because it is a honey pot?


On Mon, Aug 17, 2015 at 11:41 AM, Jonathan Wilkins via bitcoin-dev <
bitcoin-dev@lists•linuxfoundation.org> wrote:

> I'm sure that most people here were skeptical, but FWIW, the server that
> hosts vistomail.com is a mess, it's a Plesk box with more than a couple
> of services with dubious security histories. MailEnable smtpd, MSRPC, RDP,
> see for yourself:
>
> Most likely someone popped the box and is entertaining themselves.
>
> Nmap scan report for vistomail.com (190.97.163.93)
> Host is up (0.10s latency).
> Not shown: 65521 filtered ports
> PORT      STATE SERVICE       VERSION
> 21/tcp    open  ftp           Microsoft ftpd
> | ssl-cert: Subject: commonName=secureanonymoussurfing.com
> | Not valid before: 2015-05-03T00:00:00+00:00
> |_Not valid after:  2018-05-02T23:59:59+00:00
> |_ssl-date: 2015-08-16T00:08:25+00:00; +1m09s from local time.
> 25/tcp    open  smtp          MailEnable smptd 8.60--
> | smtp-commands: vistomail.com [192.241.217.85], this server offers 4
> extensions, AUTH LOGIN, SIZE 20480000, HELP, AUTH=LOGIN,
> |_ 211 Help:->Supported Commands:
> HELO,EHLO,QUIT,HELP,RCPT,MAIL,DATA,RSET,NOOP
> 53/tcp    open  domain        Microsoft DNS 6.1.7601
> | dns-nsid:
> |_  bind.version: Microsoft DNS 6.1.7601 (1DB14556)
> 80/tcp    open  http          Microsoft IIS httpd 7.5
> |_http-favicon: Parallels Control Panel
> | http-methods: Potentially risky methods: TRACE
> |_See http://nmap.org/nsedoc/scripts/http-methods.html
> | http-ntlm-info:
> |   Target_Name: DS04
> |   NetBIOS_Domain_Name: DS04
> |   NetBIOS_Computer_Name: DS04
> |   DNS_Domain_Name: DS04
> |   DNS_Computer_Name: DS04
> |_  Product_Version: 6.1 (Build 7601)
> |_http-title: Domain Default page
> 110/tcp   open  pop3          MailEnable POP3 Server
> |_pop3-capabilities: USER TOP UIDL
> 135/tcp   open  msrpc         Microsoft Windows RPC
> 143/tcp   open  imap          MailEnable imapd
> |_imap-capabilities: completed CAPABILITY AUTH=CRAM-MD5 CHILDREN
> UIDPLUSA0001 AUTH=LOGIN IMAP4rev1 OK IDLE IMAP4
> 443/tcp   open  ssl/http      Microsoft IIS httpd 7.5
> |_http-favicon: Parallels Control Panel
> | http-methods: Potentially risky methods: TRACE
> |_See http://nmap.org/nsedoc/scripts/http-methods.html
> |_http-title: Domain Default page
> | ssl-cert: Subject: commonName=secureanonymoussurfing.com
> | Not valid before: 2015-05-03T00:00:00+00:00
> |_Not valid after:  2018-05-02T23:59:59+00:00
> |_ssl-date: 2015-08-16T00:08:24+00:00; +1m09s from local time.
> 587/tcp   open  smtp          MailEnable smptd 8.60--
> | smtp-commands: vistomail.com [192.241.217.85], this server offers 4
> extensions, AUTH LOGIN, SIZE 20480000, HELP, AUTH=LOGIN,
> |_ 211 Help:->Supported Commands:
> HELO,EHLO,QUIT,HELP,RCPT,MAIL,DATA,RSET,NOOP
> 3389/tcp  open  ms-wbt-server Microsoft Terminal Service
> 8443/tcp  open  https-alt?
> | ssl-cert: Subject: commonName=Parallels
> Panel/organizationName=Parallels,
> Inc./stateOrProvinceName=Virginia/countryName=US
> | Not valid before: 2015-03-13T19:40:20+00:00
> |_Not valid after:  2016-03-12T19:40:20+00:00
> |_ssl-date: 2015-08-16T00:08:24+00:00; +1m09s from local time.
> 8880/tcp  open  http          Microsoft IIS httpd 7.5
> |_http-favicon: Parallels Control Panel
> |_http-methods: No Allow or Public header in OPTIONS response (status code
> 500)
> |_http-title: Site doesn't have a title (text/html; charset=utf-8).
> 49154/tcp open  msrpc         Microsoft Windows RPC
> 49156/tcp open  msrpc         Microsoft Windows RPC
> Warning: OSScan results may be unreliable because we could not find at
> least 1 open and 1 closed port
> Device type: general purpose|phone
> Running: Microsoft Windows 2008|7|Phone|Vista
> OS CPE: cpe:/o:microsoft:windows_server_2008:r2
> cpe:/o:microsoft:windows_7::-:professional cpe:/o:microsoft:windows_8
> cpe:/o:microsoft:windows cpe:/o:microsoft:windows_vista::-
> cpe:/o:microsoft:windows_vista::sp1
> OS details: Windows Server 2008 R2, Microsoft Windows 7 Professional or
> Windows 8, Microsoft Windows Phone 7.5 or 8.0, Microsoft Windows Vista SP0
> or SP1, Windows Server 2008 SP1, or Windows 7, Microsoft Windows Vista SP2,
> Windows 7 SP1, or Windows Server 2008
