[Info-vax] Here it is, the VMS/CSWS/php Security Contest 2012
presnypreklad at gmail.com
presnypreklad at gmail.com
Thu May 3 16:41:28 EDT 2012
I'm curious. If you connect a VMS box to the Internet and turn on TCP/IP services like ftp, telnet, and finger, it's trivial to determine that the box is running VMS, right?
Of course, you could write a simple program to respond like a Unix ftp or a Microsoft Windows telnet, but once you allow the "intruder" to interact with the real VMS service, it's a dead giveaway. Isn't it?
> When you Nmap 86.221.87.44 you get:
>
> ../..
> PORT STATE SERVICE VERSION
> 21/tcp open ftp OpenVMS ftpd 5.6
> |_ftp-anon: Anonymous FTP login allowed (FTP code 230)
> 22/tcp open tcpwrapped
> 23/tcp open telnet OpenVMS telnetd (OpenVMS 8.3)
> 53/tcp filtered domain
> 79/tcp open finger OpenVMS fingerd
> | finger: Username Program Login Term/Location
> |_SYSTEM $ Sun 7:36
> 80/tcp open http Apache httpd 2.0.63 ((OpenVMS) PHP/5.2.13)
> 111/tcp open rpcbind 2 (rpc #100000)
> 143/tcp open imap?
> |_imap-capabilities: IMAP4rev1 IMAP4
> 515/tcp open printer
> 2049/tcp open nfs 2-3 (rpc #100003)
> 49161/tcp open unknown
> ...
> Service Info: Host: dtl01.orange.fr; OS: OpenVMS
> ../..
More information about the Info-vax
mailing list