<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">Eder, bom dia!<br>
<br>
não tenho serviços de vídeo...<br>
tentai encontra os processos que estão abrindo estas portas porem
não encontrei nenhum serviço estranho.<br>
Existe alguma forma de descobrir o processo especifico desta
porta?<br>
<br>
<br>
Em 11-07-2013 11:58, Eng Eder de Souza escreveu:<br>
</div>
<blockquote
cite="mid:CAFx1bpKL0+eJLT8E1=bSocaYDNqcSGb8bpYxATduWH7idVWzzQ@mail.gmail.com"
type="cite">
<div dir="ltr">
<div>Oi Eduardo !</div>
<div> </div>
<div>Se você não tem nenhum serviço de videotexto rodando neste
servidor é motivo para ficar preocupado, veja alguns serviços
que rodam nesta porta :</div>
<div> </div>
<div>
<table style="font:12px/normal
Verdana,Arial,Helvetica,sans-serif;margin:0px;padding:0px;border:currentColor;text-align:left;color:rgb(0,0,0);text-transform:none;text-indent:0px;letter-spacing:normal;word-spacing:0px;white-space:normal;border-collapse:collapse;border-spacing:0px;font-size-adjust:none;font-stretch:normal;background-color:rgb(245,245,245)">
<tbody>
<tr title="updated: 2010-03-22, hits: 2881 (2.38)
not scanned">
<td style="font:12px/normal
Verdana,Arial,Helvetica,sans-serif;margin:0px;padding:5px;border:1px
solid
rgb(255,255,255);width:165px;text-align:center;vertical-align:top;border-collapse:collapse;border-spacing:0px;font-size-adjust:none;font-stretch:normal">20005</td>
<td style="font:12px/normal
Verdana,Arial,Helvetica,sans-serif;margin:0px;padding:5px;border:1px
solid
rgb(255,255,255);width:55px;text-align:center;vertical-align:top;white-space:nowrap;border-collapse:collapse;border-spacing:0px;font-size-adjust:none;font-stretch:normal">tcp</td>
<td style="font:12px/normal
Verdana,Arial,Helvetica,sans-serif;margin:0px;padding:5px;border:1px
solid
rgb(255,255,255);width:80px;text-align:center;vertical-align:top;white-space:nowrap;border-collapse:collapse;border-spacing:0px;font-size-adjust:none;font-stretch:normal">trojan</td>
<td style="font:12px/normal
Verdana,Arial,Helvetica,sans-serif;margin:0px;padding:5px;border:1px
solid
rgb(255,255,255);width:806px;text-align:left;vertical-align:top;border-collapse:collapse;border-spacing:0px;font-size-adjust:none;font-stretch:normal">MoSucker
trojan</td>
<td style="font:12px/normal
Verdana,Arial,Helvetica,sans-serif;margin:0px;padding:5px;border:1px
solid
rgb(255,255,255);width:69px;text-align:center;vertical-align:top;white-space:nowrap;border-collapse:collapse;border-spacing:0px;font-size-adjust:none;font-stretch:normal"><i>SG</i></td>
</tr>
<tr title="updated: 2009-02-24, hits: 3402 (2.13)
not scanned" style="background-color:rgb(255,238,195)">
<td style="font:12px/normal
Verdana,Arial,Helvetica,sans-serif;margin:0px;padding:5px;border:1px
solid
rgb(255,255,255);width:165px;text-align:center;vertical-align:top;border-collapse:collapse;border-spacing:0px;font-size-adjust:none;font-stretch:normal">20005</td>
<td style="font:12px/normal
Verdana,Arial,Helvetica,sans-serif;margin:0px;padding:5px;border:1px
solid
rgb(255,255,255);width:55px;text-align:center;vertical-align:top;white-space:nowrap;border-collapse:collapse;border-spacing:0px;font-size-adjust:none;font-stretch:normal">tcp</td>
<td style="font:12px/normal
Verdana,Arial,Helvetica,sans-serif;margin:0px;padding:5px;border:1px
solid
rgb(255,255,255);width:80px;text-align:center;vertical-align:top;white-space:nowrap;border-collapse:collapse;border-spacing:0px;font-size-adjust:none;font-stretch:normal">trojan</td>
<td style="font:12px/normal
Verdana,Arial,Helvetica,sans-serif;margin:0px;padding:5px;border:1px
solid
rgb(255,255,255);width:806px;text-align:left;vertical-align:top;border-collapse:collapse;border-spacing:0px;font-size-adjust:none;font-stretch:normal">[trojan]
MoSucker</td>
<td style="font:12px/normal
Verdana,Arial,Helvetica,sans-serif;margin:0px;padding:5px;border:1px
solid
rgb(255,255,255);width:69px;text-align:center;vertical-align:top;white-space:nowrap;border-collapse:collapse;border-spacing:0px;font-size-adjust:none;font-stretch:normal"><i>Trojans</i></td>
</tr>
<tr title="updated: 2009-02-24, hits: 3402 (2.13)
not scanned">
<td style="font:12px/normal
Verdana,Arial,Helvetica,sans-serif;margin:0px;padding:5px;border:1px
solid
rgb(255,255,255);width:165px;text-align:center;vertical-align:top;border-collapse:collapse;border-spacing:0px;font-size-adjust:none;font-stretch:normal">20005</td>
<td style="font:12px/normal
Verdana,Arial,Helvetica,sans-serif;margin:0px;padding:5px;border:1px
solid
rgb(255,255,255);width:55px;text-align:center;vertical-align:top;white-space:nowrap;border-collapse:collapse;border-spacing:0px;font-size-adjust:none;font-stretch:normal">tcp,udp</td>
<td style="font:12px/normal
Verdana,Arial,Helvetica,sans-serif;margin:0px;padding:5px;border:1px
solid
rgb(255,255,255);width:80px;text-align:center;vertical-align:top;white-space:nowrap;border-collapse:collapse;border-spacing:0px;font-size-adjust:none;font-stretch:normal">openwebnet</td>
<td style="font:12px/normal
Verdana,Arial,Helvetica,sans-serif;margin:0px;padding:5px;border:1px
solid
rgb(255,255,255);width:806px;text-align:left;vertical-align:top;border-collapse:collapse;border-spacing:0px;font-size-adjust:none;font-stretch:normal">OpenWebNet
protocol for electric network</td>
<td style="font:12px/normal
Verdana,Arial,Helvetica,sans-serif;margin:0px;padding:5px;border:1px
solid
rgb(255,255,255);width:69px;text-align:center;vertical-align:top;white-space:nowrap;border-collapse:collapse;border-spacing:0px;font-size-adjust:none;font-stretch:normal"><i>IANA</i></td>
</tr>
<tr title="updated: 2009-02-24, hits: 3402 (2.13)
not scanned">
<td style="font:12px/normal
Verdana,Arial,Helvetica,sans-serif;margin:0px;padding:5px;border:1px
solid
rgb(255,255,255);width:165px;text-align:center;vertical-align:top;border-collapse:collapse;border-spacing:0px;font-size-adjust:none;font-stretch:normal">20005</td>
<td style="font:12px/normal
Verdana,Arial,Helvetica,sans-serif;margin:0px;padding:5px;border:1px
solid
rgb(255,255,255);width:55px;text-align:center;vertical-align:top;white-space:nowrap;border-collapse:collapse;border-spacing:0px;font-size-adjust:none;font-stretch:normal">tcp</td>
<td style="font:12px/normal
Verdana,Arial,Helvetica,sans-serif;margin:0px;padding:5px;border:1px
solid
rgb(255,255,255);width:80px;text-align:center;vertical-align:top;white-space:nowrap;border-collapse:collapse;border-spacing:0px;font-size-adjust:none;font-stretch:normal">btx</td>
<td style="font:12px/normal
Verdana,Arial,Helvetica,sans-serif;margin:0px;padding:5px;border:1px
solid
rgb(255,255,255);width:806px;text-align:left;vertical-align:top;border-collapse:collapse;border-spacing:0px;font-size-adjust:none;font-stretch:normal">xcept4
(Interacts with German Telekom's CEPT videotext
service)</td>
<td style="font:12px/normal
Verdana,Arial,Helvetica,sans-serif;margin:0px;padding:5px;border:1px
solid
rgb(255,255,255);width:69px;text-align:center;vertical-align:top;white-space:nowrap;border-collapse:collapse;border-spacing:0px;font-size-adjust:none;font-stretch:normal"><i>SANS</i></td>
</tr>
<tr title="updated: 2009-02-24, hits: 3402 (2.13)
not scanned" style="background-color:rgb(255,238,195)">
<td style="font:12px/normal
Verdana,Arial,Helvetica,sans-serif;margin:0px;padding:5px;border:1px
solid
rgb(255,255,255);width:165px;text-align:center;vertical-align:top;border-collapse:collapse;border-spacing:0px;font-size-adjust:none;font-stretch:normal">20005</td>
<td style="font:12px/normal
Verdana,Arial,Helvetica,sans-serif;margin:0px;padding:5px;border:1px
solid
rgb(255,255,255);width:55px;text-align:center;vertical-align:top;white-space:nowrap;border-collapse:collapse;border-spacing:0px;font-size-adjust:none;font-stretch:normal">tcp</td>
<td style="font:12px/normal
Verdana,Arial,Helvetica,sans-serif;margin:0px;padding:5px;border:1px
solid
rgb(255,255,255);width:80px;text-align:center;vertical-align:top;white-space:nowrap;border-collapse:collapse;border-spacing:0px;font-size-adjust:none;font-stretch:normal">Mosucker</td>
<td style="font:12px/normal
Verdana,Arial,Helvetica,sans-serif;margin:0px;padding:5px;border:1px
solid
rgb(255,255,255);width:806px;text-align:left;vertical-align:top;border-collapse:collapse;border-spacing:0px;font-size-adjust:none;font-stretch:normal">[trojan]
Mosucker</td>
<td style="font:12px/normal
Verdana,Arial,Helvetica,sans-serif;margin:0px;padding:5px;border:1px
solid
rgb(255,255,255);width:69px;text-align:center;vertical-align:top;white-space:nowrap;border-collapse:collapse;border-spacing:0px;font-size-adjust:none;font-stretch:normal"><i>SANS</i></td>
</tr>
<tr title="updated: 2009-03-06, hits: 3401 (2.14)
not scanned">
<td style="font:12px/normal
Verdana,Arial,Helvetica,sans-serif;margin:0px;padding:5px;border:1px
solid
rgb(255,255,255);width:165px;text-align:center;vertical-align:top;border-collapse:collapse;border-spacing:0px;font-size-adjust:none;font-stretch:normal">20005</td>
<td style="font:12px/normal
Verdana,Arial,Helvetica,sans-serif;margin:0px;padding:5px;border:1px
solid
rgb(255,255,255);width:55px;text-align:center;vertical-align:top;white-space:nowrap;border-collapse:collapse;border-spacing:0px;font-size-adjust:none;font-stretch:normal">tcp</td>
<td style="font:12px/normal
Verdana,Arial,Helvetica,sans-serif;margin:0px;padding:5px;border:1px
solid
rgb(255,255,255);width:80px;text-align:center;vertical-align:top;white-space:nowrap;border-collapse:collapse;border-spacing:0px;font-size-adjust:none;font-stretch:normal">btx</td>
<td style="font:12px/normal
Verdana,Arial,Helvetica,sans-serif;margin:0px;padding:5px;border:1px
solid
rgb(255,255,255);width:806px;text-align:left;vertical-align:top;border-collapse:collapse;border-spacing:0px;font-size-adjust:none;font-stretch:normal">xcept4
(Interacts with German Telekom's CEPT videotext
service)</td>
<td style="font:12px/normal
Verdana,Arial,Helvetica,sans-serif;margin:0px;padding:5px;border:1px
solid
rgb(255,255,255);width:69px;text-align:center;vertical-align:top;white-space:nowrap;border-collapse:collapse;border-spacing:0px;font-size-adjust:none;font-stretch:normal"><i>Nmap</i></td>
</tr>
</tbody>
</table>
</div>
<div> </div>
<div> </div>
<div>A porta 729 também é perigosa, permite descobrir
remotamente quais serviços rodam em seu servidor !</div>
<div> </div>
<div>Ambas podem ser atacadas via DoS, possuem exploits no
submundo !</div>
<div> </div>
<div>Feche estas portas em seu firewall imediatamente!</div>
<div> </div>
<div>Veja quais serviços estão rodando desnecessariamente em
mate todos...</div>
<div> </div>
<div>Fica complicado saber sem mais detalhes da invasão(logs),
se estas foram as portas de entrada !</div>
<div> </div>
<div> </div>
</div>
<div class="gmail_extra"><br>
<br>
<div class="gmail_quote">Em 11 de julho de 2013 11:30, Eduardo
Pereira <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:edupbar@gmail.com" target="_blank">edupbar@gmail.com</a>></span>
escreveu:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">Caros, bom
dia!<br>
<br>
Tive um asterisk invadido e após isso percebi duas portas
abertas<br>
chamadas netviewdm1 e btx!.<br>
Algum conhece estas portas?<br>
Fruto do ataque??<br>
<br>
[root@pbx ~]# nmap 127.0.0.1<br>
<br>
Starting Nmap 4.11 ( <a moz-do-not-send="true"
href="http://www.insecure.org/nmap/" target="_blank">http://www.insecure.org/nmap/</a>
) at 2013-07-11 11:28 BRT<br>
Interesting ports on localhost (127.0.0.1):<br>
Not shown: 1674 closed ports<br>
PORT STATE SERVICE<br>
80/tcp open http<br>
111/tcp open rpcbind<br>
443/tcp open https<br>
729/tcp open netviewdm1<br>
3306/tcp open mysql<br>
20005/tcp open btx?<br>
<br>
Att<br>
_______________________________________________<br>
KHOMP: completa linha de placas externas FXO, FXS, GSM e E1;<br>
Media Gateways de 1 a 64 E1s para SIP com R2, ISDN e SS7;<br>
Intercomunicadores para acesso remoto via rede IP. Conheça
em <a moz-do-not-send="true" href="http://www.Khomp.com"
target="_blank">www.Khomp.com</a>.<br>
_______________________________________________<br>
ALIGERA – Fabricante nacional de Gateways SIP-E1 para R2,
ISDN e SS7.<br>
Placas de 1E1, 2E1, 4E1 e 8E1 para PCI ou PCI Express.<br>
Channel Bank – Appliance Asterisk - Acesse <a
moz-do-not-send="true" href="http://www.aligera.com.br"
target="_blank">www.aligera.com.br</a>.<br>
_______________________________________________<br>
Para remover seu email desta lista, basta enviar um email em
branco para <a moz-do-not-send="true"
href="mailto:asteriskbrasil-unsubscribe@listas.asteriskbrasil.org">asteriskbrasil-unsubscribe@listas.asteriskbrasil.org</a><br>
</blockquote>
</div>
<br>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
KHOMP: completa linha de placas externas FXO, FXS, GSM e E1;
Media Gateways de 1 a 64 E1s para SIP com R2, ISDN e SS7;
Intercomunicadores para acesso remoto via rede IP. Conheça em <a class="moz-txt-link-abbreviated" href="http://www.Khomp.com">www.Khomp.com</a>.
_______________________________________________
ALIGERA – Fabricante nacional de Gateways SIP-E1 para R2, ISDN e SS7.
Placas de 1E1, 2E1, 4E1 e 8E1 para PCI ou PCI Express.
Channel Bank – Appliance Asterisk - Acesse <a class="moz-txt-link-abbreviated" href="http://www.aligera.com.br">www.aligera.com.br</a>.
_______________________________________________
Para remover seu email desta lista, basta enviar um email em branco para <a class="moz-txt-link-abbreviated" href="mailto:asteriskbrasil-unsubscribe@listas.asteriskbrasil.org">asteriskbrasil-unsubscribe@listas.asteriskbrasil.org</a></pre>
</blockquote>
<br>
</body>
</html>