As I flesh out more of the services that are offered on Shodan, I’ve started to look at some older protocols. To that end, I’ve added the following services:
All of these protocols have been deprecated due to security issues or superseded by better alternatives. Even though they’re probably not in the active minds of the modern sysadmin, these protocols are still alive on the Internet!
Displays information about the processes that are currently running on the system. Read More
- Port: 11
- Results: 2,969
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.1 47540 3680 ? Ss Mar04 0:01 /sbin/init
root 2 0.0 0.0 0 0 ? S Mar04 0:00 [kthreadd]
root 3 0.0 0.0 0 0 ? S Mar04 0:00 [ksoftirqd/0]
root 5 0.0 0.0 0 0 ? S< Mar04 0:00 [kworker/0:0H]
root 7 0.0 0.0 0 0 ? S Mar04 0:00 [migration/0]
root 8 0.0 0.0 0 …
Note that the majority of the results don’t appear to actually be results of systat. Instead, it looks like the port has been re-purposed by a few people to run FTP, SSH and HTTP servers. This will also be true for netstat, where a lot of the results are from popular protocols running on a non-standard port.
A simple protocol that returns the current date and time for the server.
- Port: 13
- Results: 92,539
Tuesday, March 30, 1993 14:14:55-GMT
Shows all the currently active network connections on the device.
- Port: 15
- Results: 2,234
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 *:cvspserver *:* LISTEN
tcp 0 0 *:amandaidx *:* LISTEN
tcp 0 0 *:printer *:* LISTEN
tcp 0 0 *:amidxtape *:* LISTEN
tcp 0 0 *:wbem-https …
Quote of the Day
As the name implies it shows a quote when a user connects to the service. Read More
- Port: 17
- Results: 40,574
“We want a few mad people now. See where the sane ones have landed us!”
George Bernard Shaw (1856-1950)
A service that lets you get information about user accounts on the server. Read More
- Port: 79
- Results: 59,699
Line User Host(s) Idle Location
* 66 vty 0 idle 00:00:00
There will be separate blog posts to look at the details of who’s still running these ancient services, but the data’s already been gathered and is searchable on Shodan. So please check to make sure your organization isn’t inadvertently using any of these protocols! I’ll be keeping track of these services over the coming months to determine whether these protocols are becoming more or less active and by how much.