Have you Probed your FiOS Motorola STB on LAN

I attempted to telnet into the device but was denied, so resorted to nmap.

If you have FiOS service, are you getting these results with nmap?
Does anything look suspicious?

Why does the STB need ida-agent?

Code:

# nmap -sSV -T4 -F -d <STB IP address>

Interesting ports on IP-STB2.home (STB IP address):
PORT STATE SERVICE REASON VERSION
7/tcp closed echo reset
9/tcp closed discard reset
13/tcp closed daytime reset
21/tcp closed ftp reset
22/tcp closed ssh reset
23/tcp closed telnet reset
25/tcp closed smtp reset
26/tcp closed rsftp reset
37/tcp closed time reset
53/tcp closed domain reset
79/tcp closed finger reset
80/tcp closed http reset
81/tcp closed hosts2-ns reset
88/tcp closed kerberos-sec reset
106/tcp closed pop3pw reset
110/tcp closed pop3 reset
111/tcp closed rpcbind reset
113/tcp closed auth reset
119/tcp closed nntp reset
135/tcp closed msrpc reset
139/tcp closed netbios-ssn reset
143/tcp closed imap reset
144/tcp closed news reset
179/tcp closed bgp reset
199/tcp closed smux reset
389/tcp closed ldap reset
427/tcp closed svrloc reset
443/tcp closed https reset
444/tcp closed snpp reset
445/tcp closed microsoft-ds reset
465/tcp closed smtps reset
513/tcp closed login reset
514/tcp closed shell reset
515/tcp closed printer reset
543/tcp closed klogin reset
544/tcp closed kshell reset
548/tcp closed afp reset
554/tcp closed rtsp reset
587/tcp closed submission reset
631/tcp closed ipp reset
646/tcp closed ldp reset
873/tcp closed rsync reset
990/tcp closed ftps reset
993/tcp closed imaps reset
995/tcp closed pop3s reset
1025/tcp closed NFS-or-IIS reset
1026/tcp closed LSA-or-nterm reset
1027/tcp closed IIS reset
1028/tcp closed unknown reset
1029/tcp closed ms-lsa reset
1110/tcp closed nfsd-status reset
1433/tcp closed ms-sql-s reset
1720/tcp closed H.323/Q.931 reset
1723/tcp closed pptp reset
1755/tcp closed wms reset
1900/tcp closed upnp reset
2000/tcp closed callbook reset
2001/tcp closed dc reset
2049/tcp closed nfs reset
2121/tcp closed ccproxy-ftp reset
2717/tcp closed unknown reset
3000/tcp closed ppp reset
3128/tcp closed squid-http reset
3306/tcp closed mysql reset
3389/tcp closed ms-term-serv reset
3986/tcp closed mapper-ws_ethd reset
4899/tcp closed radmin reset
5000/tcp closed upnp reset
5009/tcp closed airport-admin reset
5051/tcp closed ida-agent reset
5060/tcp closed sip reset
5101/tcp closed admdog reset
5190/tcp closed aol reset
5357/tcp closed unknown reset
5432/tcp closed postgresql reset
5631/tcp closed pcanywheredata reset
5666/tcp closed nrpe reset
5800/tcp closed vnc-http reset
5900/tcp closed vnc reset
6000/tcp closed X11 reset
6001/tcp closed X11:1 reset
6646/tcp closed unknown reset
7070/tcp closed realserver reset
8000/tcp closed http-alt reset
8008/tcp closed http reset
8009/tcp closed ajp13 reset
8080/tcp closed http-proxy reset
8081/tcp closed blackice-icecap reset
8443/tcp closed https-alt reset
8888/tcp closed sun-answerbook reset
9100/tcp closed jetdirect reset
9999/tcp closed abyss reset
10000/tcp closed snet-sensor-mgmt reset
32768/tcp closed unknown reset
49152/tcp closed unknown reset
49153/tcp closed unknown reset
49154/tcp closed unknown reset
49155/tcp closed unknown reset
49156/tcp closed unknown reset
49157/tcp closed unknown reset

 

A udp scan on FiOS Motorola STB.

Code:

# nmap -sUV -F -d <STB IP address>

Interesting ports on IP-STB1.home (STB IP address):
PORT STATE SERVICE REASON VERSION
7/udp closed echo port-unreach
9/udp closed discard port-unreach
17/udp closed qotd port-unreach
19/udp closed chargen port-unreach
49/udp closed tacacs port-unreach
53/udp closed domain port-unreach
67/udp closed dhcps port-unreach
68/udp open|filtered dhcpc no-response
69/udp closed tftp port-unreach
80/udp closed http port-unreach
88/udp closed kerberos-sec port-unreach
111/udp closed rpcbind port-unreach
120/udp closed cfdptkt port-unreach
123/udp closed ntp port-unreach
135/udp closed msrpc port-unreach
136/udp closed profile port-unreach
137/udp closed netbios-ns port-unreach
138/udp closed netbios-dgm port-unreach
139/udp closed netbios-ssn port-unreach
158/udp closed pcmail-srv port-unreach
161/udp closed snmp port-unreach
162/udp closed snmptrap port-unreach
177/udp closed xdmcp port-unreach
427/udp closed svrloc port-unreach
443/udp closed https port-unreach
445/udp closed microsoft-ds port-unreach
497/udp closed retrospect port-unreach
500/udp closed isakmp port-unreach
514/udp closed syslog port-unreach
515/udp closed printer port-unreach
518/udp closed ntalk port-unreach
520/udp closed route port-unreach
593/udp closed http-rpc-epmap port-unreach
623/udp closed asf-rmcp port-unreach
626/udp closed serialnumberd port-unreach
631/udp closed ipp port-unreach
996/udp closed vsinet port-unreach
997/udp closed maitrd port-unreach
998/udp closed puparp port-unreach
999/udp closed applix port-unreach
1022/udp closed unknown port-unreach
1023/udp closed unknown port-unreach
1025/udp closed blackjack port-unreach
1026/udp closed win-rpc port-unreach
1027/udp closed unknown port-unreach
1028/udp closed ms-lsa port-unreach
1029/udp closed unknown port-unreach
1030/udp closed iad1 port-unreach
1433/udp closed ms-sql-s port-unreach
1434/udp closed ms-sql-m port-unreach
1645/udp closed radius port-unreach
1646/udp closed radacct port-unreach
1701/udp closed L2TP port-unreach
1718/udp closed h225gatedisc port-unreach
1719/udp closed h323gatestat port-unreach
1812/udp closed radius port-unreach
1813/udp closed radacct port-unreach
1900/udp closed upnp port-unreach
2000/udp closed callbook port-unreach
2048/udp closed dls-monitor port-unreach
2049/udp closed nfs port-unreach
2222/udp closed msantipiracy port-unreach
2223/udp closed unknown port-unreach
3283/udp closed netassistant port-unreach
3456/udp closed IISrpc-or-vat port-unreach
3703/udp closed unknown port-unreach
4444/udp closed krb524 port-unreach
4500/udp closed nat-t-ike port-unreach
5000/udp closed upnp port-unreach
5060/udp closed sip port-unreach
5353/udp closed zeroconf port-unreach
5632/udp closed pcanywherestat port-unreach
9200/udp closed wap-wsp port-unreach
10000/udp closed unknown port-unreach
17185/udp closed wdbrpc port-unreach
20031/udp closed bakbonenetvault port-unreach
30718/udp closed unknown port-unreach
31337/udp closed BackOrifice port-unreach
32768/udp closed omad port-unreach
32769/udp closed unknown port-unreach
32771/udp closed sometimes-rpc6 port-unreach
32815/udp closed unknown port-unreach
33281/udp open|filtered unknown no-response
49152/udp closed unknown port-unreach
49153/udp closed unknown port-unreach
49154/udp closed unknown port-unreach
49156/udp closed unknown port-unreach
49181/udp closed unknown port-unreach
49182/udp closed unknown port-unreach
49185/udp closed unknown port-unreach
49186/udp closed unknown port-unreach
49188/udp closed unknown port-unreach
49190/udp closed unknown port-unreach
49191/udp closed unknown port-unreach
49192/udp closed unknown port-unreach
49193/udp closed unknown port-unreach
49194/udp closed unknown port-unreach
49200/udp closed unknown port-unreach
49201/udp closed unknown port-unreach
65024/udp closed unknown port-unreach

In the past I was able to get OS detection, but now I don't.
Too many unknown ports.
Should their be a BackOrifice port on a STB?

Does anyone have nmap scans of their Motorola STB for FiOS so I can compare?

Any suggestions for port specific scans?

 

I am not sure if this thread is too old. Probing caused STB to reset. My probe:
$ sudo nmap -sSV -T4 -d 192.168.1.100 -p 1-65535
...
Discovered open port 7501/tcp on 192.168.1.100
Discovered open port 21306/tcp on 192.168.1.100
Discovered open port 21307/tcp on 192.168.1.100
Discovered open port 8082/tcp on 192.168.1.100
Discovered open port 21303/tcp on 192.168.1.100
....
NSE: NSE Script Threads (3) running:
NSE: Starting skypev2-version against 192.168.1.100:21306.
NSE: Starting skypev2-version against 192.168.1.100:21303.
NSE: Starting skypev2-version against 192.168.1.100:7501.
NSE: Finished skypev2-version against 192.168.1.100:7501.
NSE: Finished skypev2-version against 192.168.1.100:21306.
NSE: Finished skypev2-version against 192.168.1.100:21303.
....
PORT STATE SERVICE REASON VERSION
7501/tcp open unknown syn-ack
8082/tcp open http syn-ack gSOAP httpd 2.7
21303/tcp open ssl/unknown syn-ack
21306/tcp open unknown syn-ack
21307/tcp open http syn-ack gSOAP httpd 2.7
...
HTTP try with browser at 8082 requested user id and password.
On port 21307 browser said:
This XML file does not appear to have any style information associated with it. The document tree is shown below.

SOAP-ENV:Envelope>
−
<SOAP-ENV:Body>
−
<SOAP-ENV:Fault SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
<faultcode>SOAP-ENV:Server</faultcode>
<faultstring>Timeout</faultstring>
<SOAP-ENVetail>accept failed in soap_accept()</SOAP-ENVetail>
</SOAP-ENV:Fault>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>

Other ports did not respond to browser try.