Have you Probed your FiOS Motorola STB on LAN

Discussion in 'other security issues & news' started by Searching_ _ _, Jan 20, 2010.

Thread Status:
Not open for further replies.
  1. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    I attempted to telnet into the device but was denied, so resorted to nmap.

    If you have FiOS service, are you getting these results with nmap?
    Does anything look suspicious?

    Why does the STB need ida-agent?

    Code:
    # nmap -sSV -T4 -F -d <STB IP address>
    Interesting ports on IP-STB2.home (STB IP address):
    PORT STATE SERVICE REASON VERSION
    7/tcp closed echo reset
    9/tcp closed discard reset
    13/tcp closed daytime reset
    21/tcp closed ftp reset
    22/tcp closed ssh reset
    23/tcp closed telnet reset
    25/tcp closed smtp reset
    26/tcp closed rsftp reset
    37/tcp closed time reset
    53/tcp closed domain reset
    79/tcp closed finger reset
    80/tcp closed http reset
    81/tcp closed hosts2-ns reset
    88/tcp closed kerberos-sec reset
    106/tcp closed pop3pw reset
    110/tcp closed pop3 reset
    111/tcp closed rpcbind reset
    113/tcp closed auth reset
    119/tcp closed nntp reset
    135/tcp closed msrpc reset
    139/tcp closed netbios-ssn reset
    143/tcp closed imap reset
    144/tcp closed news reset
    179/tcp closed bgp reset
    199/tcp closed smux reset
    389/tcp closed ldap reset
    427/tcp closed svrloc reset
    443/tcp closed https reset
    444/tcp closed snpp reset
    445/tcp closed microsoft-ds reset
    465/tcp closed smtps reset
    513/tcp closed login reset
    514/tcp closed shell reset
    515/tcp closed printer reset
    543/tcp closed klogin reset
    544/tcp closed kshell reset
    548/tcp closed afp reset
    554/tcp closed rtsp reset
    587/tcp closed submission reset
    631/tcp closed ipp reset
    646/tcp closed ldp reset
    873/tcp closed rsync reset
    990/tcp closed ftps reset
    993/tcp closed imaps reset
    995/tcp closed pop3s reset
    1025/tcp closed NFS-or-IIS reset
    1026/tcp closed LSA-or-nterm reset
    1027/tcp closed IIS reset
    1028/tcp closed unknown reset
    1029/tcp closed ms-lsa reset
    1110/tcp closed nfsd-status reset
    1433/tcp closed ms-sql-s reset
    1720/tcp closed H.323/Q.931 reset
    1723/tcp closed pptp reset
    1755/tcp closed wms reset
    1900/tcp closed upnp reset
    2000/tcp closed callbook reset
    2001/tcp closed dc reset
    2049/tcp closed nfs reset
    2121/tcp closed ccproxy-ftp reset
    2717/tcp closed unknown reset
    3000/tcp closed ppp reset
    3128/tcp closed squid-http reset
    3306/tcp closed mysql reset
    3389/tcp closed ms-term-serv reset
    3986/tcp closed mapper-ws_ethd reset
    4899/tcp closed radmin reset
    5000/tcp closed upnp reset
    5009/tcp closed airport-admin reset
    5051/tcp closed ida-agent reset
    5060/tcp closed sip reset
    5101/tcp closed admdog reset
    5190/tcp closed aol reset
    5357/tcp closed unknown reset
    5432/tcp closed postgresql reset
    5631/tcp closed pcanywheredata reset
    5666/tcp closed nrpe reset
    5800/tcp closed vnc-http reset
    5900/tcp closed vnc reset
    6000/tcp closed X11 reset
    6001/tcp closed X11:1 reset
    6646/tcp closed unknown reset
    7070/tcp closed realserver reset
    8000/tcp closed http-alt reset
    8008/tcp closed http reset
    8009/tcp closed ajp13 reset
    8080/tcp closed http-proxy reset
    8081/tcp closed blackice-icecap reset
    8443/tcp closed https-alt reset
    8888/tcp closed sun-answerbook reset
    9100/tcp closed jetdirect reset
    9999/tcp closed abyss reset
    10000/tcp closed snet-sensor-mgmt reset
    32768/tcp closed unknown reset
    49152/tcp closed unknown reset
    49153/tcp closed unknown reset
    49154/tcp closed unknown reset
    49155/tcp closed unknown reset
    49156/tcp closed unknown reset
    49157/tcp closed unknown reset
     
  2. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    A udp scan on FiOS Motorola STB.

    Code:
    # nmap -sUV -F -d <STB IP address>
    Interesting ports on IP-STB1.home (STB IP address):
    PORT STATE SERVICE REASON VERSION
    7/udp closed echo port-unreach
    9/udp closed discard port-unreach
    17/udp closed qotd port-unreach
    19/udp closed chargen port-unreach
    49/udp closed tacacs port-unreach
    53/udp closed domain port-unreach
    67/udp closed dhcps port-unreach
    68/udp open|filtered dhcpc no-response
    69/udp closed tftp port-unreach
    80/udp closed http port-unreach
    88/udp closed kerberos-sec port-unreach
    111/udp closed rpcbind port-unreach
    120/udp closed cfdptkt port-unreach
    123/udp closed ntp port-unreach
    135/udp closed msrpc port-unreach
    136/udp closed profile port-unreach
    137/udp closed netbios-ns port-unreach
    138/udp closed netbios-dgm port-unreach
    139/udp closed netbios-ssn port-unreach
    158/udp closed pcmail-srv port-unreach
    161/udp closed snmp port-unreach
    162/udp closed snmptrap port-unreach
    177/udp closed xdmcp port-unreach
    427/udp closed svrloc port-unreach
    443/udp closed https port-unreach
    445/udp closed microsoft-ds port-unreach
    497/udp closed retrospect port-unreach
    500/udp closed isakmp port-unreach
    514/udp closed syslog port-unreach
    515/udp closed printer port-unreach
    518/udp closed ntalk port-unreach
    520/udp closed route port-unreach
    593/udp closed http-rpc-epmap port-unreach
    623/udp closed asf-rmcp port-unreach
    626/udp closed serialnumberd port-unreach
    631/udp closed ipp port-unreach
    996/udp closed vsinet port-unreach
    997/udp closed maitrd port-unreach
    998/udp closed puparp port-unreach
    999/udp closed applix port-unreach
    1022/udp closed unknown port-unreach
    1023/udp closed unknown port-unreach
    1025/udp closed blackjack port-unreach
    1026/udp closed win-rpc port-unreach
    1027/udp closed unknown port-unreach
    1028/udp closed ms-lsa port-unreach
    1029/udp closed unknown port-unreach
    1030/udp closed iad1 port-unreach
    1433/udp closed ms-sql-s port-unreach
    1434/udp closed ms-sql-m port-unreach
    1645/udp closed radius port-unreach
    1646/udp closed radacct port-unreach
    1701/udp closed L2TP port-unreach
    1718/udp closed h225gatedisc port-unreach
    1719/udp closed h323gatestat port-unreach
    1812/udp closed radius port-unreach
    1813/udp closed radacct port-unreach
    1900/udp closed upnp port-unreach
    2000/udp closed callbook port-unreach
    2048/udp closed dls-monitor port-unreach
    2049/udp closed nfs port-unreach
    2222/udp closed msantipiracy port-unreach
    2223/udp closed unknown port-unreach
    3283/udp closed netassistant port-unreach
    3456/udp closed IISrpc-or-vat port-unreach
    3703/udp closed unknown port-unreach
    4444/udp closed krb524 port-unreach
    4500/udp closed nat-t-ike port-unreach
    5000/udp closed upnp port-unreach
    5060/udp closed sip port-unreach
    5353/udp closed zeroconf port-unreach
    5632/udp closed pcanywherestat port-unreach
    9200/udp closed wap-wsp port-unreach
    10000/udp closed unknown port-unreach
    17185/udp closed wdbrpc port-unreach
    20031/udp closed bakbonenetvault port-unreach
    30718/udp closed unknown port-unreach
    31337/udp closed BackOrifice port-unreach
    32768/udp closed omad port-unreach
    32769/udp closed unknown port-unreach
    32771/udp closed sometimes-rpc6 port-unreach
    32815/udp closed unknown port-unreach
    33281/udp open|filtered unknown no-response
    49152/udp closed unknown port-unreach
    49153/udp closed unknown port-unreach
    49154/udp closed unknown port-unreach
    49156/udp closed unknown port-unreach
    49181/udp closed unknown port-unreach
    49182/udp closed unknown port-unreach
    49185/udp closed unknown port-unreach
    49186/udp closed unknown port-unreach
    49188/udp closed unknown port-unreach
    49190/udp closed unknown port-unreach
    49191/udp closed unknown port-unreach
    49192/udp closed unknown port-unreach
    49193/udp closed unknown port-unreach
    49194/udp closed unknown port-unreach
    49200/udp closed unknown port-unreach
    49201/udp closed unknown port-unreach
    65024/udp closed unknown port-unreach

    In the past I was able to get OS detection, but now I don't.
    Too many unknown ports.
    Should their be a BackOrifice port on a STB?

    Does anyone have nmap scans of their Motorola STB for FiOS so I can compare?

    Any suggestions for port specific scans?
     
  3. emjot

    emjot Registered Member

    Joined:
    Jul 25, 2010
    Posts:
    1
    I am not sure if this thread is too old. Probing caused STB to reset. My probe:
    $ sudo nmap -sSV -T4 -d 192.168.1.100 -p 1-65535
    ...
    Discovered open port 7501/tcp on 192.168.1.100
    Discovered open port 21306/tcp on 192.168.1.100
    Discovered open port 21307/tcp on 192.168.1.100
    Discovered open port 8082/tcp on 192.168.1.100
    Discovered open port 21303/tcp on 192.168.1.100
    ....
    NSE: NSE Script Threads (3) running:
    NSE: Starting skypev2-version against 192.168.1.100:21306.
    NSE: Starting skypev2-version against 192.168.1.100:21303.
    NSE: Starting skypev2-version against 192.168.1.100:7501.
    NSE: Finished skypev2-version against 192.168.1.100:7501.
    NSE: Finished skypev2-version against 192.168.1.100:21306.
    NSE: Finished skypev2-version against 192.168.1.100:21303.
    ....
    PORT STATE SERVICE REASON VERSION
    7501/tcp open unknown syn-ack
    8082/tcp open http syn-ack gSOAP httpd 2.7
    21303/tcp open ssl/unknown syn-ack
    21306/tcp open unknown syn-ack
    21307/tcp open http syn-ack gSOAP httpd 2.7
    ...
    HTTP try with browser at 8082 requested user id and password.
    On port 21307 browser said:
    This XML file does not appear to have any style information associated with it. The document tree is shown below.

    SOAP-ENV:Envelope>

    <SOAP-ENV:Body>

    <SOAP-ENV:Fault SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
    <faultcode>SOAP-ENV:Server</faultcode>
    <faultstring>Timeout</faultstring>
    <SOAP-ENV:Detail>accept failed in soap_accept()</SOAP-ENV:Detail>
    </SOAP-ENV:Fault>
    </SOAP-ENV:Body>
    </SOAP-ENV:Envelope>

    Other ports did not respond to browser try.
     
Loading...
Thread Status:
Not open for further replies.