[Info-vax] Here it is, the VMS/CSWS/php Security Contest 2012
Jan-Erik Soderholm
jan-erik.soderholm at telia.com
Thu May 3 17:20:13 EDT 2012
presnypreklad at gmail.com wrote 2012-05-03 22:41:
> I'm curious. If you connect a VMS box to the Internet and turn on TCP/IP
> services like ftp, telnet, and finger, it's trivial to determine that
> the box is running VMS, right?
Are you speaking about connect time or after a (successfull) login ?
There are logical names like TCPIP$FTP_SERVER_ANNOUNCE to configure
how the (in this case) FTP server announces itself at connect time.
And the MadGoat HGFTP has logicals such as HG_FTP_HIDE_VMS_SYST.
>
> Of course, you could write a simple program to respond like a Unix ftp
> or a Microsoft Windows telnet, but once you allow the "intruder" to
> interact with the real VMS service, it's a dead giveaway. Isn't it?
>
>> When you Nmap 86.221.87.44 you get:
>>
>> ../.. PORT STATE SERVICE VERSION 21/tcp open ftp
>> OpenVMS ftpd 5.6 |_ftp-anon: Anonymous FTP login allowed (FTP code
>> 230) 22/tcp open tcpwrapped 23/tcp open telnet
>> OpenVMS telnetd (OpenVMS 8.3) 53/tcp filtered domain 79/tcp open
>> finger OpenVMS fingerd | finger: Username Program Login
>> Term/Location |_SYSTEM $ Sun 7:36 80/tcp open
>> http Apache httpd 2.0.63 ((OpenVMS) PHP/5.2.13) 111/tcp open
>> rpcbind 2 (rpc #100000) 143/tcp open imap?
>> |_imap-capabilities: IMAP4rev1 IMAP4 515/tcp open printer
>> 2049/tcp open nfs 2-3 (rpc #100003) 49161/tcp open
>> unknown ... Service Info: Host: dtl01.orange.fr; OS: OpenVMS ../..
More information about the Info-vax
mailing list