Blast from the Past

As I flesh out more of the services that are offered on Shodan, I’ve started to look at some older protocols. To that end, I’ve added the following services:

All of these protocols have been deprecated due to security issues or superseded by better alternatives. Even though they’re probably not in the active minds of the modern sysadmin, these protocols are still alive on the Internet!

Systat

Displays information about the processes that are currently running on the system.

  • Port: 11
  • Results: 2,969

USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.1 47540 3680 ? Ss Mar04 0:01 /sbin/init
root 2 0.0 0.0 0 0 ? S Mar04 0:00 [kthreadd]
root 3 0.0 0.0 0 0 ? S Mar04 0:00 [ksoftirqd/0]
root 5 0.0 0.0 0 0 ? S< Mar04 0:00 [kworker/0:0H]
root 7 0.0 0.0 0 0 ? S Mar04 0:00 [migration/0]
root 8 0.0 0.0 0 …

Note that the majority of the results don’t appear to actually be results of systat. Instead, it looks like the port has been re-purposed by a few people to run FTP, SSH and HTTP servers. This will also be true for netstat, where a lot of the results are from popular protocols running on a non-standard port.

Daytime

A simple protocol that returns the current date and time for the server.

  • Port: 13
  • Results: 92,539

Tuesday, March 30, 1993 14:14:55-GMT

Netstat

Shows all the currently active network connections on the device.

  • Port: 15
  • Results: 2,234

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 *:cvspserver *:* LISTEN
tcp 0 0 *:amandaidx *:* LISTEN
tcp 0 0 *:printer *:* LISTEN
tcp 0 0 *:amidxtape *:* LISTEN
tcp 0 0 *:wbem-https …

Quote of the Day

As the name implies, it shows a quote when a user connects to the service.

  • Port: 17
  • Results: 40,574

“We want a few mad people now. See where the sane ones have landed us!”
George Bernard Shaw (1856-1950)

Finger

A service that lets you get information about user accounts on the server.

  • Port: 79
  • Results: 59,699

Line User Host(s) Idle Location
* 66 vty 0 idle 00:00:00

There will be separate blog posts to look at the details of who’s still running these ancient services, but the data’s already been gathered and is searchable on Shodan. So please check to make sure your organization isn’t inadvertently using any of these protocols! I’ll be keeping track of these services over the coming months to determine whether these protocols are becoming more or less active and by how much.
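
One way to run that check against banners collected from your own hosts, while accounting for the repurposed ports noted under Systat. This is an added example, not code from the post or from Shodan; the signatures are assumptions modelled on the sample outputs above, and the sample banners and addresses are constructed.

```python
import re

# Ports and service names as listed in the post.
LEGACY = {11: "systat", 13: "daytime", 15: "netstat", 17: "qotd", 79: "finger"}
# Common protocols the post reports finding on these ports instead.
REPURPOSED = [
    ("ssh", re.compile(r"^SSH-\d+\.\d+-")),
    ("http", re.compile(r"^HTTP/\d\.\d \d{3}")),
    ("ftp", re.compile(r"^220[ -]")),  # SMTP greets with 220 as well
]
# Assumed signatures, modelled on the sample outputs in the post.
# QOTD (port 17) is free-form text, so it has none.
SIGNATURES = {
    11: re.compile(r"^USER\s+PID\s+%CPU"),
    13: re.compile(r"\b\d{1,2}:\d{2}:\d{2}\b"),
    15: re.compile(r"^Active Internet connections"),
    79: re.compile(r"^Line\s+User\s+Host"),
}

def classify(port, banner):
    """Return (verdict, service) for the first line seen on a legacy port."""
    lines = banner.strip().splitlines()
    if port not in LEGACY or not lines:
        return ("unknown", None)
    first = lines[0]
    for name, pattern in REPURPOSED:
        if pattern.search(first):
            return ("repurposed", name)
    signature = SIGNATURES.get(port)
    if signature is None:
        return ("likely-legacy", LEGACY[port])
    if signature.search(first):
        return ("legacy", LEGACY[port])
    return ("unknown", None)

def audit(records):
    """Classify (host, port, banner) records from your own inventory."""
    return [(host, port) + classify(port, banner) for host, port, banner in records]

# Constructed sample banners; hosts are documentation addresses.
SAMPLES = [
    ("192.0.2.10", 11, "USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND\n"),
    ("192.0.2.11", 11, "SSH-2.0-ExampleSSH_1.0\r\n"),
    ("192.0.2.12", 13, "Tuesday, March 30, 1993 14:14:55-GMT\r\n"),
    ("192.0.2.13", 15, "220 FTP server ready\r\n"),
    ("192.0.2.14", 79, "Line User Host(s) Idle Location\n"),
]

if __name__ == "__main__":
    for row in audit(SAMPLES):
        print(row)
```

Rows marked "legacy" or "likely-legacy" are the ones to follow up on; "repurposed" rows mean a different service is listening on the old port.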

4 comments

    • clubmaster

      P.S. I don't use PayPal and the like (although I do have accounts ;-D)
      Unlock me already and I'll donate the money. You just have to tell me where to -> no bucks.
