- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - [ a r t i c l e ] [ a u t h o r ] Collecting Information from Remote Sites ManiaX Killerian - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The whole idea of this article is how to gather all the possible information about any site/provider/host and so on in Interne. First, I wanted to make all the tests on one place, but there existed possibility my 'victims' to trace me, and tgat won't do me any good, just because I was lazy and was doing it ftom home (and I hate slow ssh connections) . Here I'll be talking about methods that are abosolutely normal and lawful,and they don't create any abnormal activity (not like a flood with nestea packets) 1) Services-based methods : 1.1. DNS - supported server , upstream providers, backup lines This is my favourite,as you easy can get any provider's DNS base (which could very, I repeat, VERY large - demon.co.uk now may be about 10 MB..).Below I've placed two real database as examples, and I've put my comments in <[ ]> Example DNS base : ; BIND version named 8.1.2-T3B Sun Jan 3 23:06:10 MST 1999 ; BIND version bdale@rover:/home/bdale/debian/bind-8.1.2/target/bin/named ; zone 'spnet.net' last serial 0 ; from 212.50.0.10 at Fri Jul 16 14:34:27 1999 <[ dotuk izhoda e ot named-xfer - programata za svalqne na DNS bazata. ]> $ORIGIN net. spnet IN SOA ns.spnet.net. shtinkov.ns.spnet.net. ( 1999071400 28800 7200 604800 86400 ) IN NS ns.spnet.net. IN NS purgatory.spnet.net. IN MX 2 ns.spnet.net. IN A 212.50.0.15 <[ SOA record - who is responsible fot this zone - shtinkov@ns.spnet.net, which are the main name server for the zone and who is the mail relay for the zone (e.g. for the mail name spnet.net) ]> $ORIGIN spnet.net. dialup073 IN A 212.50.13.73 dialup074 IN A 212.50.13.74 dialup105 IN A 212.50.13.105 modem10 IN A 212.50.0.53 dialup086 IN A 212.50.13.86 dialup106 IN A 212.50.13.106 modem11 IN A 212.50.0.54 dialup087 IN A 212.50.13.87 dialup107 IN A 212.50.13.107 modem12 IN A 212.50.0.55 dialup088 IN A 212.50.13.88 dialup110 IN A 212.50.13.110 <[ Some dialups and so on (a bit erased by me) ]> skat IN A 212.50.0.161 IN MX 10 skat.spnet.net. $ORIGIN skat.spnet.net. mail IN CNAME skat.spnet.net. www IN CNAME skat.spnet.net. proxy IN CNAME skat.spnet.net. ns IN CNAME skat.spnet.net. ftp IN CNAME skat.spnet.net. <[ A client with his own server ....which is in their zone .. Looks like they don't care what their name is, so it's rarely possible that they're Internet provider]> $ORIGIN spnet.net. modem13 IN A 212.50.0.56 dialup089 IN A 212.50.13.89 dialup091 IN A 212.50.13.91 <[ More dial-ups...The bad thing about named-xfer is that it doesn't sort anything... This problem could be greatly noticed when you look at the bg. TLD DNS base - may be to danbo on his machine it looks great, but to any ordinary user of named-xfer it's awful. ]> cst IN A 212.50.0.193 svilengrad IN MX 10 cst.spnet.net. $ORIGIN svilengrad.spnet.net. cst IN CNAME cst.spnet.net. mail IN CNAME cst.spnet.net. proxy IN CNAME cst.spnet.net. www IN CNAME cst.spnet.net. ns IN CNAME cst.spnet.net. ftp IN CNAME cst.spnet.net. <[ Again something like skat - but this time it looks like they're representativers of SPNET in Svilengrad.... ]> $ORIGIN spnet.net. spnet2digsys-local IN A 212.50.10.238 <[ IP of the router's interface to another provider - DIGSYS. Usually any such address is named in way that the name will correspond to the link that goes through this interface ( It's not always so) ]> dialup127 IN A 212.50.13.127 dialup128 IN A 212.50.13.128 dialup130 IN A 212.50.13.130 intbg2spnet IN A 212.50.10.241 <[ Again link to another provider ]> spnet2intbg IN A 212.50.10.242 <[ IP of the distant interface (e.g. the router on the other end of the link) ]> irc IN CNAME purgatory.spnet.net. <[ SPNET's irc server - just a CNAME pointing to any of their bigger servers. In fact, in .bg there just ain't any need to use a separate mashine for IRC server - only in the case when some crazy guy wants to connect it to EFNET :) :)))) ]> biolin IN A 212.50.0.9 <[ Little stranger name - server of BIOTEAM ]> mail IN CNAME ns.spnet.net. <[ General mail relay. Most of the mail clients (like Netscape messenger) come set up by default to use SMTP server named mail and it's a lot easier to put an alias in the DNS base that to modify a lot of the client's configurations. ]> spnet2netbg IN A 212.50.10.226 IN A 212.50.10.230 <[ again router's interface address ]> pirdop1 IN A 212.50.0.238 <[ interesting below there is machine called just pirdop - looks like they have only one dial-up ? Or the machine of the local admin ? ]> haskovo IN MX 10 gis.spnet.net. $ORIGIN haskovo.spnet.net. mail IN CNAME gis.spnet.net. www IN CNAME gis.spnet.net. proxy IN CNAME gis.spnet.net. ns IN CNAME gis.spnet.net. ftp IN CNAME gis.spnet.net. $ORIGIN spnet.net. proxy IN CNAME purgatory.spnet.net. <[ Main proxy server ..The reason for such alias is the same as the reason for the alias 'mail' ]> digsys2spnet-local IN A 212.50.10.237 router2 IN A 212.50.0.2 digsys2spnet IN A 212.50.10.253 router3 IN A 212.50.0.3 $ORIGIN sirma.spnet.net. router IN A 212.50.14.129 $ORIGIN spnet.net. router4 IN A 212.50.0.4 dialup255 IN A 212.50.13.255 router7 IN A 212.50.0.7 router8 IN A 212.50.0.8 ns IN A 212.50.0.10 <[ Main name server and mail relay (see above) ]> router IN A 212.50.0.1 <[ central router - god knows what CISCO beast... ]> parvak IN A 212.50.0.12 <[ admin's machine - recognized by the name... Usually nobody calls any server with such a name. ]> debian IN A 212.50.0.16 <[ Debian archive...... LONG LIVE! :))) ]> ibsf IN A 212.50.0.225 IN MX 10 ibsf.spnet.net. <[ One more client with leased line and mail relaying... ]> pool IN CNAME ns.spnet.net. switch IN A 212.50.0.6 $ORIGIN plovdiv.spnet.net. router IN A 212.50.21.1 $ORIGIN spnet.net. gis IN A 212.50.0.241 rakia IN CNAME parvak.spnet.net. <[ CNAME for the admin's machine .... ]> harmanli IN A 212.50.14.97 IN MX 10 harmanli.spnet.net. $ORIGIN harmanli.spnet.net. cst IN CNAME harmanli.spnet.net. mail IN CNAME harmanli.spnet.net. proxy IN CNAME harmanli.spnet.net. www IN CNAME harmanli.spnet.net. ns IN CNAME harmanli.spnet.net. ftp IN CNAME harmanli.spnet.net. $ORIGIN spnet.net. pirdop IN A 212.50.0.237 IN MX 10 pirdop.spnet.net. $ORIGIN pirdop.spnet.net. mail IN CNAME pirdop.spnet.net. www IN CNAME pirdop.spnet.net. proxy IN CNAME pirdop.spnet.net. ns IN CNAME pirdop.spnet.net. ftp IN CNAME pirdop.spnet.net. <[ ha,who knew that SPNET had offce in pirdop ? :))) ]> $ORIGIN spnet.net. manro IN A 212.50.0.17 ftp IN CNAME purgatory.spnet.net. coin IN A 212.50.0.14 spnet2bdata IN A 212.50.10.250 support IN A 212.50.0.19 radius IN CNAME ns.spnet.net. $ORIGIN center.spnet.net. router3 IN A 212.50.0.67 anemia IN A 212.50.0.69 <[ again interesting machine ......which is registred in center.spnet.net, which is the zone of the main routers... ]> router4 IN A 212.50.0.68 switch IN A 212.50.0.70 router IN A 212.50.0.65 router2 IN A 212.50.0.66 $ORIGIN spnet.net. purgatory IN A 212.50.0.15 modem0 IN A 212.50.0.43 modem1 IN A 212.50.0.44 modem2 IN A 212.50.0.45 modem3 IN A 212.50.0.46 modem4 IN A 212.50.0.47 modem5 IN A 212.50.0.48 modem6 IN A 212.50.0.49 modem7 IN A 212.50.0.50 modem8 IN A 212.50.0.51 modem9 IN A 212.50.0.52 pernik IN A 212.50.19.65 IN MX 10 pernik.spnet.net. $ORIGIN pernik.spnet.net. pool6 IN A 212.50.19.86 pool7 IN A 212.50.19.87 pool0 IN A 212.50.19.80 pool1 IN A 212.50.19.81 mail IN CNAME pernik.spnet.net. pool2 IN A 212.50.19.82 www IN CNAME pernik.spnet.net. proxy IN CNAME pernik.spnet.net. pool3 IN A 212.50.19.83 pool4 IN A 212.50.19.84 pool5 IN A 212.50.19.85 ns IN CNAME pernik.spnet.net. router IN A 212.50.19.66 ftp IN CNAME pernik.spnet.net. <[ Here you can see a more serious office in Pernik (???) , with 8 dial-ups, with router ( which could be just a linux machine and pernik i router to be the same machjine), and even with www .... It could be verified are they one machine, using traceroute .... After a test it look like that either router.pernik 's traceroute packets are filtered, or either it's missing ,or either he is after pernik.spnet in the netrwork topology....which could mean, thaht the record is set just by habbit, ot their router died, or it's a router to which you connect dialups and noting more (here kay noticed , it could be just a portmaster or sth. who is filtered.) ]> $ORIGIN spnet.net. dialup002 IN A 212.50.13.2 ingbank IN MX 10 ibsf.spnet.net. IN CNAME ibsf.spnet.net. <[ Here we see what is isbf - INGBANK...]> bta IN A 212.50.10.130 <[ BTA .... Interesting ... I can write another article as big as this about them :)) ]> spnet2netissat IN A 212.50.10.234 zlatica IN A 212.50.0.233 IN MX 10 zlatica.spnet.net. $ORIGIN zlatica.spnet.net. mail IN CNAME zlatica.spnet.net. www IN CNAME zlatica.spnet.net. proxy IN CNAME zlatica.spnet.net. ns IN CNAME zlatica.spnet.net. ftp IN CNAME zlatica.spnet.net. $ORIGIN spnet.net. netbg2spnet IN A 212.50.10.225 IN A 212.50.10.229 spnet2digsys IN A 212.50.10.254 www IN CNAME purgatory.spnet.net. topbg IN CNAME purgatory.spnet.net. This is what it looks like the DNS database for one big (for BG) provider. Some users, static IP-ta, 254 IP-ta zadeleni za dialup.. And here is one of their reverse zones (their main) : $ORIGIN 50.212.in-addr.arpa. 0 IN SOA ns.spnet.net. shtinkov.ns.spnet.net. ( 1999071400 28800 7200 604800 86400 ) IN NS ns.spnet.net. IN NS purgatory.spnet.net. <[ ^^^ the same SOA record..... ]> $ORIGIN 0.50.212.in-addr.arpa. 1 IN PTR router.spnet.net. 2 IN PTR router2.spnet.net. 3 IN PTR router3.spnet.net. 4 IN PTR router4.spnet.net. 6 IN PTR switch.spnet.net. 7 IN PTR router7.spnet.net. 8 IN PTR router8.spnet.net. 9 IN PTR biolin.spnet.net. 161 IN PTR skat.spnet.net. 10 IN PTR ns.spnet.net. 11 IN PTR bta.spnet.net. 12 IN PTR parvak.spnet.net. 14 IN PTR coin.spnet.net. 15 IN PTR purgatory.spnet.net. 16 IN PTR debian.spnet.net. 17 IN PTR manro.spnet.net. 19 IN PTR support.spnet.net. 193 IN PTR cst.spnet.net. 43 IN PTR modem0.spnet.net. 44 IN PTR modem1.spnet.net. 45 IN PTR modem2.spnet.net. 46 IN PTR modem3.spnet.net. 47 IN PTR modem4.spnet.net. 50 IN PTR modem7.spnet.net. 48 IN PTR modem5.spnet.net. 51 IN PTR modem8.spnet.net. 49 IN PTR modem6.spnet.net. 52 IN PTR modem9.spnet.net. 225 IN PTR ibsf.spnet.net. 53 IN PTR modem10.spnet.net. 54 IN PTR modem11.spnet.net. 55 IN PTR modem12.spnet.net. 56 IN PTR modem13.spnet.net. 57 IN PTR modem19.spnet.net. 60 IN PTR modem16.spnet.net. 58 IN PTR modem14.spnet.net. 233 IN PTR zlatica.spnet.net. 61 IN PTR modem17.spnet.net. 59 IN PTR modem15.spnet.net. 234 IN PTR stoyan.zlatica.spnet.net. 62 IN PTR modem18.spnet.net. 237 IN PTR pirdop.spnet.net. 65 IN PTR router.center.spnet.net. 238 IN PTR pirdop1.spnet.net. 66 IN PTR router2.center.spnet.net. 241 IN PTR gis.spnet.net. 67 IN PTR router3.center.spnet.net. 242 IN PTR admin.haskovo.spnet.net. 70 IN PTR switch.center.spnet.net. 68 IN PTR router4.center.spnet.net. 243 IN PTR pool1.haskovo.spnet.net. 69 IN PTR anemia.center.spnet.net. 244 IN PTR pool2.haskovo.spnet.net. 245 IN PTR pool3.haskovo.spnet.net. 246 IN PTR pool4.haskovo.spnet.net. 247 IN PTR pool5.haskovo.spnet.net. 248 IN PTR pool6.haskovo.spnet.net. <[hereto ,the standart information we've got from our previous DNS database...... ]> 81 IN PTR biolin.bioteam.com. 82 IN PTR dimitrov.bioteam.com. 83 IN PTR corn.bioteam.com. 84 IN PTR kirilov.bioteam.com. 85 IN PTR tanja.bioteam.com. 86 IN PTR petrova.bioteam.com. 87 IN PTR zheliazkov.bioteam.com. 90 IN PTR topalov.bioteam.com. 88 IN PTR kckfb.bioteam.com. 89 IN PTR valov.bioteam.com. <[ and here is a way to find interesting machines to attack - username.xxx.com :)) this, as it looks like, are users' machines with static real (not masqeraded) IPs... these are one of the most vulnerable machines on the net (maybe after the dial-ups.... and may bebefore them) ]> If we download any other reverse DNS database, we could find other domains,hosted by SPNET - like yellowpages.bg and so on. So, as the forward DNS base gives us information about the provider, the reverse DNS base gives us information about the other hosted domains/people/organisations/providers and so on. 1.2. nmap -sP (i.e. a check which IPs are used ) size of the provider. <[ za tuk sum izpolzval nqkoi stari scan-ove na infotel... ]> Starting nmap V. 1.51 by Fyodor (fyodor@dhp.com, www.dhp.com/~fyodor/nmap/) Host (212.39.64.16) seems to be a subnet broadcast address (returned 8 extra pings) Host ns.infotel.bg (212.39.64.18) appears to be up. Host unnamed.infotel.bg (212.39.64.19) appears to be up. Host unnamed.infotel.bg (212.39.64.20) appears to be up. Host tch.infotel.bg (212.39.64.22) appears to be up. Host c2501.infotel.bg (212.39.64.23) appears to be up. Host acp70.infotel.bg (212.39.64.24) appears to be up. Host c2522.infotel.bg (212.39.64.27) appears to be up. Host c2511.infotel.bg (212.39.64.28) appears to be up. Host nb.infotel.bg (212.39.64.29) appears to be up. Host (212.39.64.31) seems to be a subnet broadcast address (returned 8 extra pings) Host (212.39.64.32) seems to be a subnet broadcast address (returned 2 extra pings) <[ who wants to smurf ? :))) Looks like we have broadcasts,too ..]> Host unnamed.infotel.bg (212.39.64.33) appears to be up. Host unnamed.infotel.bg (212.39.64.34) appears to be up. Host (212.39.64.35) seems to be a subnet broadcast address (returned 2 extra pings) Host (212.39.64.48) seems to be a subnet broadcast address (returned 1 extra pings) Host unnamed.infotel.bg (212.39.64.49) appears to be up. Host unnamed.infotel.bg (212.39.64.51) appears to be up. Host unnamed.infotel.bg (212.39.64.55) appears to be up. Host unnamed.infotel.bg (212.39.64.57) appears to be up. Host unnamed.infotel.bg (212.39.64.59) appears to be up. Host unnamed.infotel.bg (212.39.64.60) appears to be up. Host (212.39.64.63) seems to be a subnet broadcast address (returned 1 extra pings) Host unnamed.infotel.bg (212.39.64.97) appears to be up. Host (212.39.64.100) seems to be a subnet broadcast address (returned 1 extra pings) Host unnamed.infotel.bg (212.39.64.101) appears to be up. Host unnamed.infotel.bg (212.39.64.102) appears to be up. Host (212.39.64.103) seems to be a subnet broadcast address (returned 1 extra pings) Host (212.39.64.112) seems to be a subnet broadcast address (returned 1 extra pings) Host unnamed.infotel.bg (212.39.64.113) appears to be up. Host unnamed.infotel.bg (212.39.64.114) appears to be up. Host vg.infotel.bg (212.39.64.116) appears to be up. Host (212.39.64.127) seems to be a subnet broadcast address (returned 1 extra pings) Host pomps.infotel.bg (212.39.64.129) appears to be up. Host unnamed.infotel.bg (212.39.64.132) appears to be up. Host unnamed.infotel.bg (212.39.64.137) appears to be up. Host unnamed.infotel.bg (212.39.64.139) appears to be up. Host unnamed.infotel.bg (212.39.64.140) appears to be up. Host unnamed.infotel.bg (212.39.64.144) appears to be up. Host unnamed.infotel.bg (212.39.64.145) appears to be up. Host unnamed.infotel.bg (212.39.64.146) appears to be up. Host (212.39.64.159) seems to be a subnet broadcast address (returned 1 extra pings) Host (212.39.64.160) seems to be a subnet broadcast address (returned 2 extra pings) Host unnamed.infotel.bg (212.39.64.161) appears to be up. Host unnamed.infotel.bg (212.39.64.163) appears to be up. Host unnamed.infotel.bg (212.39.64.164) appears to be up. Host unnamed.infotel.bg (212.39.64.165) appears to be up. Host unnamed.infotel.bg (212.39.64.166) appears to be up. Host unnamed.infotel.bg (212.39.64.170) appears to be up. Host unnamed.infotel.bg (212.39.64.172) appears to be up. Host unnamed.infotel.bg (212.39.64.174) appears to be up. Host unnamed.infotel.bg (212.39.64.176) appears to be up. Host unnamed.infotel.bg (212.39.64.177) appears to be up. Host unnamed.infotel.bg (212.39.64.179) appears to be up. Host (212.39.64.191) seems to be a subnet broadcast address (returned 1 extra pings) Host (212.39.64.208) seems to be a subnet broadcast address (returned 4 extra pings) Host unnamed.infotel.bg (212.39.64.209) appears to be up. Host unnamed.infotel.bg (212.39.64.210) appears to be up. Host unnamed.infotel.bg (212.39.64.211) appears to be up. Host unnamed.infotel.bg (212.39.64.213) appears to be up. Host unnamed.infotel.bg (212.39.64.218) appears to be up. Host unnamed.infotel.bg (212.39.64.221) appears to be up. Host unnamed.infotel.bg (212.39.64.222) appears to be up. Host (212.39.64.223) seems to be a subnet broadcast address (returned 4 extra pings) Host (212.39.64.224) seems to be a subnet broadcast address (returned 1 extra pings) Host unnamed.infotel.bg (212.39.64.225) appears to be up. Host unnamed.infotel.bg (212.39.64.226) appears to be up. Host unnamed.infotel.bg (212.39.64.227) appears to be up. Host unnamed.infotel.bg (212.39.64.228) appears to be up. Host unnamed.infotel.bg (212.39.64.230) appears to be up. Host unnamed.infotel.bg (212.39.64.234) appears to be up. Host (212.39.64.239) seems to be a subnet broadcast address (returned 1 extra pings) Host unnamed.infotel.bg (212.39.64.253) appears to be up. Host unnamed.infotel.bg (212.39.64.254) appears to be up. Starting nmap V. 1.51 by Fyodor (fyodor@dhp.com, www.dhp.com/~fyodor/nmap/) Host (212.39.65.0) appears to be down. Host (212.39.65.0) seems to be a subnet broadcast address (returned 1 extra pings) Host unnamed.infotel.bg (212.39.65.1) appears to be up. Host unnamed.infotel.bg (212.39.65.2) appears to be up. Host unnamed.infotel.bg (212.39.65.3) appears to be up. Host unnamed.infotel.bg (212.39.65.4) appears to be up. Host unnamed.infotel.bg (212.39.65.5) appears to be up. Host unnamed.infotel.bg (212.39.65.6) appears to be up. Host (212.39.65.7) appears to be down. Host (212.39.65.8) appears to be down. Host (212.39.65.9) appears to be down. Host (212.39.65.10) appears to be down. Host (212.39.65.11) appears to be down. Host (212.39.65.12) appears to be down. Host (212.39.65.13) appears to be down. Host (212.39.65.14) appears to be down. Host (212.39.65.15) appears to be down. Host (212.39.65.15) seems to be a subnet broadcast address (returned 1 extra pings) Host (212.39.65.16) appears to be down. Host (212.39.65.16) seems to be a subnet broadcast address (returned 1 extra pings) Host unnamed.infotel.bg (212.39.65.17) appears to be up. Host unnamed.infotel.bg (212.39.65.18) appears to be up. Host unnamed.infotel.bg (212.39.65.19) appears to be up. Host (212.39.65.20) appears to be down. Host (212.39.65.21) appears to be down. Host (212.39.65.22) appears to be down. Host (212.39.65.23) appears to be down. Host (212.39.65.24) appears to be down. Host (212.39.65.25) appears to be down. Host (212.39.65.26) appears to be down. Host (212.39.65.27) appears to be down. Host (212.39.65.28) appears to be down. Host (212.39.65.29) appears to be down. Host (212.39.65.30) appears to be down. Host (212.39.65.31) appears to be down. Host (212.39.65.31) seems to be a subnet broadcast address (returned 1 extra pings) Host (212.39.65.32) appears to be down. <[ here I've cut some hosts that are down ....below is a bit shortened list.. ]> Host (212.39.65.87) appears to be down. Host unnamed.infotel.bg (212.39.65.88) appears to be up. Host (212.39.65.89) appears to be down. Host (212.39.65.96) appears to be down. Host unnamed.infotel.bg (212.39.65.97) appears to be up. Host (212.39.65.98) appears to be down. Host unnamed.infotel.bg (212.39.65.99) appears to be up. Host (212.39.65.100) appears to be down. Host (212.39.65.132) appears to be down. Host pppsof5.infotel.bg (212.39.65.133) appears to be up. Host (212.39.65.134) appears to be down. Host (212.39.65.135) appears to be down. Host (212.39.65.136) appears to be down. Host (212.39.65.137) appears to be down. Host pppsof10.infotel.bg (212.39.65.138) appears to be up. Host (212.39.65.139) appears to be down. Host (212.39.65.149) appears to be down. Host pppsof22.infotel.bg (212.39.65.150) appears to be up. <[ Some dial-ups....... ]> Host (212.39.65.151) appears to be down. Host (212.39.65.192) appears to be down. Host (212.39.65.192) seems to be a subnet broadcast address (returned 5 extra pings) Host fpn.infotel.bg (212.39.65.193) appears to be up. Host (212.39.65.194) appears to be down. Host db.infotel.bg (212.39.65.195) appears to be up. Host www1.infotel.bg (212.39.65.196) appears to be up. Host hdesk.gurko.cits.btc.bg (212.39.65.197) appears to be up. <[ The only machine in the domain btc.bg ...]> Host unnamed.infotel.bg (212.39.65.198) appears to be up. Host ibm2210.infotel.bg (212.39.65.199) appears to be up. Host (212.39.65.200) appears to be down. Host (212.39.65.207) appears to be down. Host (212.39.65.207) seems to be a subnet broadcast address (returned 5 extra pings) <[ again broadcast ... ]> Host (212.39.65.208) appears to be down. Host (212.39.65.208) seems to be a subnet broadcast address (returned 1 extra pings) Host db.infotel.bg (212.39.65.209) appears to be up. Host fpn.infotel.bg (212.39.65.210) appears to be up. Host www1.infotel.bg (212.39.65.211) appears to be up. Host fw.infotel.bg (212.39.65.212) appears to be up. Host (212.39.65.213) appears to be down. Host (212.39.65.214) appears to be down. Host nb.infotel.bg (212.39.65.215) appears to be up. Host switch.infotel.bg (212.39.65.216) appears to be up. Host unnamed.infotel.bg (212.39.65.217) appears to be up. Host (212.39.65.218) appears to be down. Host (212.39.65.219) appears to be down. Host (212.39.65.220) appears to be down. Host br.infotel.bg (212.39.65.221) appears to be up. Host (212.39.65.222) appears to be down. Host (212.39.65.223) appears to be down. Host (212.39.65.223) seems to be a subnet broadcast address (returned 1 extra pings) Host (212.39.65.224) appears to be down. Host (212.39.65.255) appears to be down. <[ This scan is very old and I'm sure that it's not actual noe, but you can see that in this zone there are servers and routers like in a big ISP, and in the next part you will see how big it is....And, don't forget the scan is made about 4:00 am ]> 1.3. nmap -sS -O (used OS-es),some known things about the specific network-oriented OS-es. <[ Here I used nmap 2.01, because it has OS scan .. ]> Starting nmap V. 2.01 by Fyodor (fyodor@dhp.com, www.insecure.org/nmap/) Host unnamed.infotel.bg (212.39.64.0) appears to be down, skipping it. <[ Again, here I've deleted most of the hosts that weredown ]> Host unnamed.infotel.bg (212.39.64.16) appears to be down, skipping it. Host unnamed.infotel.bg (212.39.64.16) seems to be a subnet broadcast address (returned 1 extra pings).Skipping host. Host unnamed.infotel.bg (212.39.64.17) appears to be down, skipping it. Host ns.infotel.bg (212.39.64.18) appears to be up ... good. Initiating SYN half-open stealth scan against ns.infotel.bg (212.39.64.18) Adding TCP port 9 (state Open). Adding TCP port 13 (state Open). Adding TCP port 53 (state Open). Adding TCP port 25 (state Open). Adding TCP port 7 (state Open). Adding TCP port 23 (state Open). Adding TCP port 37 (state Open). Adding TCP port 19 (state Open). Adding TCP port 110 (state Open). The SYN scan took 49 seconds to scan 120 ports. For OSScan assuming that port 7 is open and port 40836 is closed and neither are firewalled Interesting ports on ns.infotel.bg (212.39.64.18): Port State Protocol Service 7 open tcp echo 9 open tcp discard 13 open tcp daytime 19 open tcp chargen 21 filtered tcp ftp 23 open tcp telnet 25 open tcp smtp 37 open tcp time 49 filtered tcp unknown 53 open tcp domain 80 filtered tcp www 110 open tcp pop3 111 filtered tcp sunrpc TCP Sequence Prediction: Class=64K rule Difficulty=1 (Trivial joke) Sequence numbers: 52871601 52804001 528DEC01 52A17401 Remote operating system guess: AIX 4.1 OS Fingerprint: TSeq(Class=64K) T1(Resp=Y%DF=N%W=3F25%ACK=S++%Flags=AS%Ops=M) T2(Resp=N) T3(Resp=N) T4(Resp=Y%DF=N%W=4000%ACK=O%Flags=R%Ops=) T5(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=) T6(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=) T7(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=) PU(Resp=Y%DF=N%TOS=0%IPLEN=38%RIPTL=15C%RID=E%RIPCK=F%UCK=E%ULEN=134%DAT=E) <[ hihi...AIX and with really easy sequence number generator]> Host unnamed.infotel.bg (212.39.64.19) appears to be down, skipping it. Host unnamed.infotel.bg (212.39.64.20) appears to be up ... good. Initiating SYN half-open stealth scan against unnamed.infotel.bg (212.39.64.20) Adding TCP port 23 (state Open). Adding TCP port 79 (state Open). The SYN scan took 53 seconds to scan 120 ports. For OSScan assuming that port 23 is open and port 41396 is closed and neither are firewalled Interesting ports on unnamed.infotel.bg (212.39.64.20): Port State Protocol Service 21 filtered tcp ftp 23 open tcp telnet 49 filtered tcp unknown 79 open tcp finger 80 filtered tcp www 111 filtered tcp sunrpc TCP Sequence Prediction: Class=random positive increments Difficulty=165610 (Good luck!) Sequence numbers: 193786BC 193CCA3F 193CB80D 193CDC3D 193786BC 193CB80D Remote operating system guess: Cisco IOS 11.3 - 12.0 OS Fingerprint: TSeq(Class=RI%gcd=1%SI=286EA) T1(Resp=Y%DF=N%W=1020%ACK=S++%Flags=AS%Ops=M) T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=) T3(Resp=Y%DF=N%W=1020%ACK=S++%Flags=AS%Ops=M) T4(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=) T5(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=) T6(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=) T7(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=) PU(Resp=Y%DF=N%TOS=C0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E) <[ router ..... ]> Host unnamed.infotel.bg (212.39.64.21) appears to be down, skipping it. Host tch.infotel.bg (212.39.64.22) appears to be up ... good. Initiating SYN half-open stealth scan against tch.infotel.bg (212.39.64.22) Adding TCP port 23 (state Open). The SYN scan took 79 seconds to scan 120 ports. For OSScan assuming that port 23 is open and port 30852 is closed and neither are firewalled Interesting ports on tch.infotel.bg (212.39.64.22): Port State Protocol Service 21 filtered tcp ftp 23 open tcp telnet 49 filtered tcp unknown 80 filtered tcp www 111 filtered tcp sunrpc TCP Sequence Prediction: Class=constant sequence number (!) Difficulty=0 (Trivial joke) Sequence numbers: 7F 7F 7F 7F 7F 7F Remote operating system guess: ComOS - Livingston PortMaster (unknown version number) OS Fingerprint: TSeq(Class=C%Val=7F) T1(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=) T2(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=) T3(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=) T4(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=) T5(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=) T6(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=) T7(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=) PU(Resp=Y%DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=F%UCK=0%ULEN=134%DAT=E) <[ Dial-in server .... the bad thing is, that you can't find it's number of ports .]> Host c2501.infotel.bg (212.39.64.23) appears to be up ... good. Initiating SYN half-open stealth scan against c2501.infotel.bg (212.39.64.23) Adding TCP port 23 (state Open). Adding TCP port 79 (state Open). The SYN scan took 72 seconds to scan 120 ports. For OSScan assuming that port 23 is open and port 34074 is closed and neither are firewalled Interesting ports on c2501.infotel.bg (212.39.64.23): Port State Protocol Service 21 filtered tcp ftp 23 open tcp telnet 49 filtered tcp unknown 79 open tcp finger 80 filtered tcp www 111 filtered tcp sunrpc TCP Sequence Prediction: Class=random positive increments Difficulty=54438 (Worthy challenge) Sequence numbers: 8C3BBB63 8C3B9183 8C3C0E3B 8C3E6311 8C3E709A 8C3EF28B Remote operating system guess: Cisco 25XX/45XX Router or 29XX switch (IOS 11.2) OS Fingerprint: TSeq(Class=RI%gcd=1%SI=D4A6) T1(Resp=Y%DF=N%W=10C0%ACK=S++%Flags=AS%Ops=M) T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=) T3(Resp=Y%DF=N%W=10C0%ACK=S++%Flags=AS%Ops=M) T4(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=) T5(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=) T6(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=) T7(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=) PU(Resp=Y%DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E) <[ one more router .... ]> Host acp70.infotel.bg (212.39.64.24) appears to be down, skipping it. Host unnamed.infotel.bg (212.39.64.25) appears to be down, skipping it. Host unnamed.infotel.bg (212.39.64.26) appears to be down, skipping it. Host c2522.infotel.bg (212.39.64.27) appears to be up ... good. Initiating SYN half-open stealth scan against c2522.infotel.bg (212.39.64.27) Adding TCP port 23 (state Open). Adding TCP port 79 (state Open). The SYN scan took 133 seconds to scan 120 ports. For OSScan assuming that port 23 is open and port 35085 is closed and neither are firewalled Interesting ports on c2522.infotel.bg (212.39.64.27): Port State Protocol Service 21 filtered tcp ftp 23 open tcp telnet 49 filtered tcp unknown 79 open tcp finger 80 filtered tcp www 111 filtered tcp sunrpc TCP Sequence Prediction: Class=random positive increments Difficulty=47238 (Worthy challenge) Sequence numbers: 98A2BF85 98A2B041 98A6608B 98A67D6F 98A66F2B 98A68BEF Remote operating system guess: Cisco 25XX/45XX Router or 29XX switch (IOS 11.2) OS Fingerprint: TSeq(Class=RI%gcd=2%SI=B886) T1(Resp=Y%DF=N%W=10C0%ACK=S++%Flags=AS%Ops=M) T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=) T3(Resp=Y%DF=N%W=10C0%ACK=S++%Flags=AS%Ops=M) T4(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=) T5(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=) T6(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=) T7(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=) PU(Resp=Y%DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E) <[ Router again router ...]> Host c2511.infotel.bg (212.39.64.28) appears to be up ... good. Initiating SYN half-open stealth scan against c2511.infotel.bg (212.39.64.28) Adding TCP port 23 (state Open). Adding TCP port 79 (state Open). The SYN scan took 57 seconds to scan 120 ports. For OSScan assuming that port 23 is open and port 43591 is closed and neither are firewalled Interesting ports on c2511.infotel.bg (212.39.64.28): Port State Protocol Service 21 filtered tcp ftp 23 open tcp telnet 49 filtered tcp unknown 79 open tcp finger 80 filtered tcp www 111 filtered tcp sunrpc TCP Sequence Prediction: Class=random positive increments Difficulty=46280 (Worthy challenge) Sequence numbers: A0700F7E A0702555 A0720C52 A0721A9A A071FC99 A07260F2 Remote operating system guess: Cisco 25XX/45XX Router or 29XX switch (IOS 11.2) OS Fingerprint: TSeq(Class=RI%gcd=1%SI=B4C8) T1(Resp=Y%DF=N%W=10C0%ACK=S++%Flags=AS%Ops=M) T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=) T3(Resp=Y%DF=N%W=10C0%ACK=S++%Flags=AS%Ops=M) T4(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=) T5(Resp=N) T6(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=) T7(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=) PU(Resp=Y%DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E) <[ Hey....this needs checking ]> Host unnamed.infotel.bg (212.39.64.34) appears to be up ... good. Initiating SYN half-open stealth scan against unnamed.infotel.bg (212.39.64.34) Adding TCP port 9 (state Open). Adding TCP port 79 (state Open). Adding TCP port 19 (state Open). Adding TCP port 7 (state Open). RTTVAR has grown to over 2.3 seconds, decreasing to 2.0 Adding TCP port 23 (state Open). Bumping up senddelay by 10000 (to 10000), due to excessive drops The SYN scan took 247 seconds to scan 120 ports. For OSScan assuming that port 7 is open and port 36334 is closed and neither are firewalled Insufficient responses for TCP sequencing (2), OS detection will be MUCH less reliable For OSScan assuming that port 7 is open and port 36542 is closed and neither are firewalled For OSScan assuming that port 7 is open and port 31882 is closed and neither are firewalled Insufficient responses for TCP sequencing (3), OS detection will be MUCH less reliable Interesting ports on unnamed.infotel.bg (212.39.64.34): Port State Protocol Service 7 open tcp echo 9 open tcp discard 19 open tcp chargen 21 filtered tcp ftp 23 open tcp telnet 49 filtered tcp unknown 79 open tcp finger 80 filtered tcp www 111 filtered tcp sunrpc No OS matches for this host. TCP fingerprints: T1(Resp=Y%DF=N%W=860%ACK=S++%Flags=AS%Ops=M) TSeq(Class=C%Val=68D83FAF) T1(Resp=Y%DF=N%W=860%ACK=S++%Flags=AS%Ops=M) T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=) T1(Resp=N) T2(Resp=Y%DF=N%W=0%ACK=O%Flags=AR%Ops=) T3(Resp=N) T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=) T3(Resp=N) T4(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=) T3(Resp=N) T4(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=) T5(Resp=N) T4(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=) T5(Resp=N) T6(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=) T5(Resp=N) T6(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=) T7(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=) T6(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=) T7(Resp=Y%DF=N%W=0%ACK=O%Flags=AR%Ops=) PU(Resp=Y%DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E) T7(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=) PU(Resp=Y%DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E) PU(Resp=Y%DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E) Host unnamed.infotel.bg (212.39.64.35) appears to be down, skipping it. Host unnamed.infotel.bg (212.39.64.35) seems to be a subnet broadcast address (returned 2 extra pings). Skipping host. Host unnamed.infotel.bg (212.39.64.36) appears to be down, skipping it. Host unnamed.infotel.bg (212.39.64.48) appears to be down, skipping it. Host unnamed.infotel.bg (212.39.64.48) seems to be a subnet broadcast address (returned 2 extra pings). Skipping host. Host unnamed.infotel.bg (212.39.64.49) appears to be up ... good. Initiating SYN half-open stealth scan against unnamed.infotel.bg (212.39.64.49) Adding TCP port 15 (state Open). Adding TCP port 109 (state Open). Adding TCP port 9 (state Open). Adding TCP port 13 (state Open). Adding TCP port 25 (state Open). Adding TCP port 7 (state Open). Adding TCP port 11 (state Open). Adding TCP port 37 (state Open). Adding TCP port 23 (state Open). Adding TCP port 79 (state Open). Adding TCP port 119 (state Open). Adding TCP port 19 (state Open). Adding TCP port 110 (state Open). Adding TCP port 113 (state Open). The SYN scan took 59 seconds to scan 120 ports. For OSScan assuming that port 7 is open and port 43035 is closed and neither are firewalled WARNING: RST from port 7 -- is this port really open? WARNING: RST from port 7 -- is this port really open? WARNING: RST from port 7 -- is this port really open? WARNING: RST from port 7 -- is this port really open? WARNING: RST from port 7 -- is this port really open? WARNING: RST from port 7 -- is this port really open? <[ Interesting ...is it firewalled in a strange way ? ? ]> Insufficient responses for TCP sequencing (0), OS detection will be MUCH less reliable For OSScan assuming that port 7 is open and port 44543 is closed and neither are firewalled WARNING: RST from port 7 -- is this port really open? WARNING: RST from port 7 -- is this port really open? Insufficient responses for TCP sequencing (0), OS detection will be MUCH less reliable For OSScan assuming that port 7 is open and port 38888 is closed and neither are firewalled WARNING: RST from port 7 -- is this port really open? WARNING: RST from port 7 -- is this port really open? WARNING: RST from port 7 -- is this port really open? Insufficient responses for TCP sequencing (0), OS detection will be MUCH less reliable Interesting ports on unnamed.infotel.bg (212.39.64.49): Port State Protocol Service 7 open tcp echo 9 open tcp discard 11 open tcp systat 13 open tcp daytime 15 open tcp netstat 19 open tcp chargen 21 filtered tcp ftp 23 open tcp telnet 25 open tcp smtp 37 open tcp time 49 filtered tcp unknown 79 open tcp finger 80 filtered tcp www 109 open tcp pop2 110 open tcp pop3 111 filtered tcp sunrpc 113 open tcp auth 119 open tcp nntp No OS matches for this host. TCP fingerprints: T1(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=) T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=) T3(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=) T4(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=) T5(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=) T6(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=) T7(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=) T7(Resp=N) T7(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=) PU(Resp=Y%DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E) Host unnamed.infotel.bg (212.39.64.50) appears to be down, skipping it. Host unnamed.infotel.bg (212.39.64.51) appears to be down, skipping it. Host unnamed.infotel.bg (212.39.64.52) appears to be down, skipping it. Host unnamed.infotel.bg (212.39.64.53) appears to be up ... good. Initiating SYN half-open stealth scan against unnamed.infotel.bg (212.39.64.53) The SYN scan took 62 seconds to scan 120 ports. Warning: No ports found open on this machine, OS detection will be MUCH less reliable Interesting ports on unnamed.infotel.bg (212.39.64.53): Port State Protocol Service 21 filtered tcp ftp 49 filtered tcp unknown 80 filtered tcp www 111 filtered tcp sunrpc Remote OS guesses: Windows NT4 / Win95 / Win98, Windows NT 5 Beta2 OS Fingerprint: T5(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=) T6(Resp=Y%DF=N%W=0%ACK=S++%Flags=R%Ops=) T7(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=) PU(Resp=Y%DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E) <[ Here I've cut about 300 things like this ... kay says that hese are CMP unreachable packets or some other shit, but I can't be sure, I was sleeping when it happened :))) ]> Here it is: 3 1 E CA 0 0 0 0 45 0 0 28 74 ED 0 0 36 6 4D 4C C2 C EB C1 D4 27 40 A1 82 11 0 5 1C 6C 4F B2 Here it is: 3 1 E 5C 0 0 0 0 45 0 0 28 D2 88 0 0 36 6 EF B0 C2 C EB C1 D4 27 40 A1 82 11 0 73 1C 6C 4F B2 Here it is: 3 1 E 92 0 0 0 0 45 0 0 28 FF 49 0 0 36 6 C2 EF C2 C EB C1 D4 27 40 A1 82 11 0 3D 1C 6C 4F B2 Here it is: 3 1 E 70 0 0 0 0 45 0 0 28 3C 0 0 0 36 6 86 39 C2 C EB C1 D4 27 40 A1 82 11 0 5F 1C 6C 4F B2 The SYN scan took 397 seconds to scan 120 ports. Warning: No ports found open on this machine, OS detection will be MUCH less reliable Warning: No ports found open on this machine, OS detection will be MUCH less reliable Warning: No ports found open on this machine, OS detection will be MUCH less reliable Interesting ports on unnamed.infotel.bg (212.39.64.161): (Not showing ports in state: filtered) Port State Protocol Service No OS matches for this host. TCP fingerprints: T5(Resp=N) T6(Resp=N) T7(Resp=N) PU(Resp=N) <[ damn filtered ..... ]> Host scifo.infotel.bg (212.39.64.162) appears to be down, skipping it. Host unnamed.infotel.bg (212.39.64.163) appears to be down, skipping it. Host dancho.infotel.bg (212.39.64.164) appears to be up ... good. Initiating SYN half-open stealth scan against dancho.infotel.bg (212.39.64.164) <[ damn filtered again ? ]> Here it is: 3 1 10 80 0 0 0 0 45 0 0 28 5 D3 0 0 36 6 BC 63 C2 C EB C1 D4 27 40 A4 82 11 0 3F 5C B5 D 79 The SYN scan took 397 seconds to scan 120 ports. Warning: No ports found open on this machine, OS detection will be MUCH less reliable Warning: No ports found open on this machine, OS detection will be MUCH less reliable Warning: No ports found open on this machine, OS detection will be MUCH less reliable Interesting ports on dancho.infotel.bg (212.39.64.164): (Not showing ports in state: filtered) Port State Protocol Service No OS matches for this host. TCP fingerprints: T5(Resp=N) T6(Resp=N) T7(Resp=N) PU(Resp=N) Host unnamed.infotel.bg (212.39.64.165) appears to be down, skipping it. Host unnamed.infotel.bg (212.39.64.166) appears to be up ... good. Initiating SYN half-open stealth scan against unnamed.infotel.bg (212.39.64.166) 3 1 4A DC 0 0 0 0 45 0 0 28 F9 67 0 0 36 6 C8 CC C2 C EB C1 D4 27 40 A6 82 11 0 3D DE 87 51 4C The SYN scan took 397 seconds to scan 120 ports. Warning: No ports found open on this machine, OS detection will be MUCH less reliable Warning: No ports found open on this machine, OS detection will be MUCH less reliable Warning: No ports found open on this machine, OS detection will be MUCH less reliable Interesting ports on unnamed.infotel.bg (212.39.64.166): (Not showing ports in state: filtered) Port State Protocol Service No OS matches for this host. TCP fingerprints: T5(Resp=N) T6(Resp=N) T7(Resp=N) PU(Resp=N) Host unnamed.infotel.bg (212.39.64.167) appears to be up ... good. Initiating SYN half-open stealth scan against unnamed.infotel.bg (212.39.64.167) Here it is: Here it is: 3 1 1C 97 0 0 0 0 45 0 0 28 12 32 0 0 36 6 B0 1 C2 C EB C1 D4 27 40 A7 82 11 0 5F 59 E0 4 17 The SYN scan took 397 seconds to scan 120 ports. Warning: No ports found open on this machine, OS detection will be MUCH less reliable Warning: No ports found open on this machine, OS detection will be MUCH less reliable Warning: No ports found open on this machine, OS detection will be MUCH less reliable Interesting ports on unnamed.infotel.bg (212.39.64.167): (Not showing ports in state: filtered) Port State Protocol Service No OS matches for this host. TCP fingerprints: T5(Resp=N) T6(Resp=N) T7(Resp=N) PU(Resp=N) Host unnamed.infotel.bg (212.39.64.168) appears to be down, skipping it. Host unnamed.infotel.bg (212.39.64.184) appears to be down, skipping it. Host hpns.infotel.bg (212.39.64.185) appears to be up ... good. Initiating SYN half-open stealth scan against hpns.infotel.bg (212.39.64.185) Here it is: 3 1 7D A6 0 0 0 0 45 0 0 28 C2 D0 0 0 36 6 FF 50 C2 C EB C1 D4 27 40 B9 82 11 0 3D 72 69 8A A0 The SYN scan took 398 seconds to scan 120 ports. Warning: No ports found open on this machine, OS detection will be MUCH less reliable Warning: No ports found open on this machine, OS detection will be MUCH less reliable Warning: No ports found open on this machine, OS detection will be MUCH less reliable Interesting ports on hpns.infotel.bg (212.39.64.185): (Not showing ports in state: filtered) Port State Protocol Service No OS matches for this host. TCP fingerprints: T5(Resp=N) T6(Resp=N) T7(Resp=N) PU(Resp=N) Host unnamed.infotel.bg (212.39.64.186) appears to be down, skipping it. Host unnamed.infotel.bg (212.39.64.191) appears to be down, skipping it. Host unnamed.infotel.bg (212.39.64.191) seems to be a subnet broadcast address (returned 2 extra pings). Skipping host. Host unnamed.infotel.bg (212.39.64.192) appears to be down, skipping it. Host unnamed.infotel.bg (212.39.64.208) appears to be down, skipping it. Host unnamed.infotel.bg (212.39.64.208) seems to be a subnet broadcast address (returned 2 extra pings). Skipping host. Host unnamed.infotel.bg (212.39.64.209) appears to be up ... good. Initiating SYN half-open stealth scan against unnamed.infotel.bg (212.39.64.209) Adding TCP port 23 (state Open). The SYN scan took 10 seconds to scan 120 ports. For OSScan assuming that port 23 is open and port 36989 is closed and neither are firewalled For OSScan assuming that port 23 is open and port 43884 is closed and neither are firewalled For OSScan assuming that port 23 is open and port 35286 is closed and neither are firewalled Interesting ports on unnamed.infotel.bg (212.39.64.209): Port State Protocol Service 21 filtered tcp ftp 23 open tcp telnet 49 filtered tcp unknown 80 filtered tcp www 111 filtered tcp sunrpc TCP Sequence Prediction: Class=trivial time dependency Difficulty=1 (Trivial joke) Sequence numbers: 63F21039 63F2138B 63F21615 63F218D1 63F21B8D 63F21E7B No OS matches for this host. TCP fingerprints: TSeq(Class=TD%gcd=32%SI=1) TSeq(Class=TD%gcd=32%SI=6) TSeq(Class=TD%gcd=32%SI=1) T1(Resp=Y%DF=N%W=800%ACK=S++%Flags=AS%Ops=M) T2(Resp=Y%DF=N%W=0%ACK=O%Flags=AR%Ops=) T3(Resp=Y%DF=N%W=800%ACK=S++%Flags=AS%Ops=M) T4(Resp=Y%DF=N%W=0%ACK=O%Flags=AR%Ops=) T5(Resp=Y%DF=N%W=0%ACK=O%Flags=AR%Ops=) T6(Resp=Y%DF=N%W=0%ACK=O%Flags=AR%Ops=) T7(Resp=Y%DF=N%W=0%ACK=O%Flags=AR%Ops=) PU(Resp=Y%DF=N%TOS=0%IPLEN=54%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=F) Host unnamed.infotel.bg (212.39.64.210) appears to be up ... good. Initiating SYN half-open stealth scan against unnamed.infotel.bg (212.39.64.210) The SYN scan took 397 seconds to scan 120 ports. Warning: No ports found open on this machine, OS detection will be MUCH less reliable Warning: No ports found open on this machine, OS detection will be MUCH less reliable Warning: No ports found open on this machine, OS detection will be MUCH less reliable Interesting ports on unnamed.infotel.bg (212.39.64.210): (Not showing ports in state: filtered) Port State Protocol Service No OS matches for this host. TCP fingerprints: T5(Resp=N) T6(Resp=N) T7(Resp=N) PU(Resp=N) Host unnamed.infotel.bg (212.39.64.211) appears to be up ... good. Initiating SYN half-open stealth scan against unnamed.infotel.bg (212.39.64.211) The SYN scan took 397 seconds to scan 120 ports. Warning: No ports found open on this machine, OS detection will be MUCH less reliable Warning: No ports found open on this machine, OS detection will be MUCH less reliable Warning: No ports found open on this machine, OS detection will be MUCH less reliable Interesting ports on unnamed.infotel.bg (212.39.64.211): (Not showing ports in state: filtered) Port State Protocol Service No OS matches for this host. TCP fingerprints: T5(Resp=N) T6(Resp=N) T7(Resp=N) PU(Resp=N) Host unnamed.infotel.bg (212.39.64.212) appears to be up ... good. Initiating SYN half-open stealth scan against unnamed.infotel.bg (212.39.64.212) The SYN scan took 397 seconds to scan 120 ports. Warning: No ports found open on this machine, OS detection will be MUCH less reliable Warning: No ports found open on this machine, OS detection will be MUCH less reliable Warning: No ports found open on this machine, OS detection will be MUCH less reliable Interesting ports on unnamed.infotel.bg (212.39.64.212): (Not showing ports in state: filtered) Port State Protocol Service No OS matches for this host. TCP fingerprints: T5(Resp=N) T6(Resp=N) T7(Resp=N) PU(Resp=N) Host unnamed.infotel.bg (212.39.64.213) appears to be down, skipping it. Host unnamed.infotel.bg (212.39.64.222) appears to be up ... good. Initiating SYN half-open stealth scan against unnamed.infotel.bg (212.39.64.222) The SYN scan took 20 seconds to scan 120 ports. Warning: No ports found open on this machine, OS detection will be MUCH less reliable Interesting ports on unnamed.infotel.bg (212.39.64.222): Port State Protocol Service 21 filtered tcp ftp 49 filtered tcp unknown 80 filtered tcp www 111 filtered tcp sunrpc Remote OS guesses: Windows NT4 / Win95 / Win98, Windows NT 5 Beta2 OS Fingerprint: T5(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=) T6(Resp=Y%DF=N%W=0%ACK=S++%Flags=R%Ops=) T7(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=) PU(Resp=Y%DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E) Host unnamed.infotel.bg (212.39.64.223) appears to be down, skipping it. Host unnamed.infotel.bg (212.39.64.223) seems to be a subnet broadcast address (returned 2 extra pings). Skipping host. Host unnamed.infotel.bg (212.39.64.224) appears to be down, skipping it. Host unnamed.infotel.bg (212.39.64.224) seems to be a subnet broadcast address (returned 1 extra pings). Skipping host. Host unnamed.infotel.bg (212.39.64.225) appears to be up ... good. Initiating SYN half-open stealth scan against unnamed.infotel.bg (212.39.64.225) The SYN scan took 397 seconds to scan 120 ports. Warning: No ports found open on this machine, OS detection will be MUCH less reliable Warning: No ports found open on this machine, OS detection will be MUCH less reliable Warning: No ports found open on this machine, OS detection will be MUCH less reliable Interesting ports on unnamed.infotel.bg (212.39.64.225): (Not showing ports in state: filtered) Port State Protocol Service No OS matches for this host. TCP fingerprints: T5(Resp=N) T6(Resp=N) T7(Resp=N) PU(Resp=N) Host unnamed.infotel.bg (212.39.64.226) appears to be down, skipping it. Host unnamed.infotel.bg (212.39.64.227) appears to be up ... good. Initiating SYN half-open stealth scan against unnamed.infotel.bg (212.39.64.227) The SYN scan took 398 seconds to scan 120 ports. Warning: No ports found open on this machine, OS detection will be MUCH less reliable Warning: No ports found open on this machine, OS detection will be MUCH less reliable Warning: No ports found open on this machine, OS detection will be MUCH less reliable Interesting ports on unnamed.infotel.bg (212.39.64.227): (Not showing ports in state: filtered) Port State Protocol Service No OS matches for this host. TCP fingerprints: T5(Resp=N) T6(Resp=N) T7(Resp=N) PU(Resp=N) Host unnamed.infotel.bg (212.39.64.228) appears to be up ... good. Initiating SYN half-open stealth scan against unnamed.infotel.bg (212.39.64.228) The SYN scan took 398 seconds to scan 120 ports. Warning: No ports found open on this machine, OS detection will be MUCH less reliable Warning: No ports found open on this machine, OS detection will be MUCH less reliable Warning: No ports found open on this machine, OS detection will be MUCH less reliable Interesting ports on unnamed.infotel.bg (212.39.64.228): (Not showing ports in state: filtered) Port State Protocol Service No OS matches for this host. TCP fingerprints: T5(Resp=N) T6(Resp=N) T7(Resp=N) PU(Resp=N) Host unnamed.infotel.bg (212.39.64.229) appears to be up ... good. Initiating SYN half-open stealth scan against unnamed.infotel.bg (212.39.64.229) The SYN scan took 398 seconds to scan 120 ports. Warning: No ports found open on this machine, OS detection will be MUCH less reliable Warning: No ports found open on this machine, OS detection will be MUCH less reliable Warning: No ports found open on this machine, OS detection will be MUCH less reliable Interesting ports on unnamed.infotel.bg (212.39.64.229): (Not showing ports in state: filtered) Port State Protocol Service No OS matches for this host. TCP fingerprints: T5(Resp=N) T6(Resp=N) T7(Resp=N) PU(Resp=N) Host unnamed.infotel.bg (212.39.64.230) appears to be down, skipping it. Host unnamed.infotel.bg (212.39.64.237) appears to be up ... good. Initiating SYN half-open stealth scan against unnamed.infotel.bg (212.39.64.237) The SYN scan took 398 seconds to scan 120 ports. Warning: No ports found open on this machine, OS detection will be MUCH less reliable Warning: No ports found open on this machine, OS detection will be MUCH less reliable Warning: No ports found open on this machine, OS detection will be MUCH less reliable Interesting ports on unnamed.infotel.bg (212.39.64.237): (Not showing ports in state: filtered) Port State Protocol Service No OS matches for this host. TCP fingerprints: T5(Resp=N) T6(Resp=N) T7(Resp=N) PU(Resp=N) Host unnamed.infotel.bg (212.39.64.238) appears to be down, skipping it. Host unnamed.infotel.bg (212.39.64.239) appears to be down, skipping it. Host unnamed.infotel.bg (212.39.64.239) seems to be a subnet broadcast address (returned 2 extra pings). Skipping host. Host unnamed.infotel.bg (212.39.64.240) appears to be down, skipping it. Host unnamed.infotel.bg (212.39.64.250) appears to be down, skipping it. Host unnamed.infotel.bg (212.39.64.251) appears to be up ... good. Initiating SYN half-open stealth scan against unnamed.infotel.bg (212.39.64.251) The SYN scan took 397 seconds to scan 120 ports. Warning: No ports found open on this machine, OS detection will be MUCH less reliable Warning: No ports found open on this machine, OS detection will be MUCH less reliable Warning: No ports found open on this machine, OS detection will be MUCH less reliable Interesting ports on unnamed.infotel.bg (212.39.64.251): (Not showing ports in state: filtered) Port State Protocol Service No OS matches for this host. TCP fingerprints: T5(Resp=N) T6(Resp=N) T7(Resp=N) PU(Resp=N) Host unnamed.infotel.bg (212.39.64.252) appears to be down, skipping it. Host unnamed.infotel.bg (212.39.64.253) appears to be up ... good. Initiating SYN half-open stealth scan against unnamed.infotel.bg (212.39.64.253) Adding TCP port 76 (state Firewalled). <[ I've deleted all the firewalled ports here .... ]> The SYN scan took 46 seconds to scan 120 ports. For OSScan assuming that port 23 is open and port 41980 is closed and neither are firewalled Insufficient responses for TCP sequencing (0), OS detection will be MUCH less reliable For OSScan assuming that port 23 is open and port 43706 is closed and neither are firewalled Insufficient responses for TCP sequencing (0), OS detection will be MUCH less reliable For OSScan assuming that port 23 is open and port 35179 is closed and neither are firewalled Interesting ports on unnamed.infotel.bg (212.39.64.253): (Not showing ports in state: filtered) Port State Protocol Service 23 open tcp telnet TCP Sequence Prediction: Class=random positive increments Difficulty=762 (Medium) Sequence numbers: 83E273B 83E2ECB 83E2ECB 83E3303 83E3303 83E3830 No OS matches for this host. TCP fingerprints: T1(Resp=Y%DF=N%W=400%ACK=S++%Flags=AS%Ops=MNNTNW) TSeq(Class=RI%gcd=1%SI=2FA) T2(Resp=N) T1(Resp=N) T3(Resp=N) T2(Resp=N) T4(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=) T3(Resp=N) T5(Resp=N) T4(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=) T6(Resp=N) T5(Resp=N) T7(Resp=N) T6(Resp=N) PU(Resp=Y%DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E) T7(Resp=N) PU(Resp=Y%DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E) <[ Dammit.....pink elefant ..... ]> (Not.Iron - I really like the ping elefants;-) Host unnamed.infotel.bg (212.39.64.254) appears to be up ... good. Initiating SYN half-open stealth scan against unnamed.infotel.bg (212.39.64.254) Adding TCP port 109 (state Open). Adding TCP port 25 (state Open). The SYN scan took 31 seconds to scan 120 ports. For OSScan assuming that port 25 is open and port 40102 is closed and neither are firewalled For OSScan assuming that port 25 is open and port 31708 is closed and neither are firewalled For OSScan assuming that port 25 is open and port 34977 is closed and neither are firewalled Interesting ports on unnamed.infotel.bg (212.39.64.254): Port State Protocol Service 21 filtered tcp ftp 25 open tcp smtp 49 filtered tcp unknown 80 filtered tcp www 109 open tcp pop2 111 filtered tcp sunrpc TCP Sequence Prediction: Class=random positive increments Difficulty=9082861 (Good luck!) Sequence numbers: 319C93F5 319C93F5 30997AC3 30B0FA39 30CB399C 3216313B No OS matches for this host. TCP fingerprints: TSeq(Class=RI%gcd=1%SI=B9E8D) TSeq(Class=RI%gcd=1%SI=C045D) TSeq(Class=RI%gcd=1%SI=8A97ED) T1(Resp=Y%DF=N%W=37FF%ACK=S++%Flags=AS%Ops=ME) T1(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=) T2(Resp=N) T3(Resp=Y%DF=N%W=37FF%ACK=S++%Flags=ASF%Ops=ME) T3(Resp=Y%DF=N%W=37FF%ACK=O%Flags=ASF%Ops=ME) T4(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=) T5(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=) T6(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=) T7(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=) PU(Resp=Y%DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E) Host unnamed.infotel.bg (212.39.64.255) appears to be down, skipping it. Host unnamed.infotel.bg (212.39.64.255) seems to be a subnet broadcast address (returned 1 extra pings). Skipping host. Host unnamed.infotel.bg (212.39.65.0) appears to be down, skipping it. Host unnamed.infotel.bg (212.39.65.0) seems to be a subnet broadcast address (returned 1 extra pings). Skipping host. Host unnamed.infotel.bg (212.39.65.1) appears to be up ... good. Initiating SYN half-open stealth scan against unnamed.infotel.bg (212.39.65.1) Adding TCP port 23 (state Open). Adding TCP port 79 (state Open). The SYN scan took 12 seconds to scan 120 ports. For OSScan assuming that port 23 is open and port 38687 is closed and neither are firewalled For OSScan assuming that port 23 is open and port 34532 is closed and neither are firewalled For OSScan assuming that port 23 is open and port 38432 is closed and neither are firewalled Interesting ports on unnamed.infotel.bg (212.39.65.1): Port State Protocol Service 21 filtered tcp ftp 23 open tcp telnet 49 filtered tcp unknown 79 open tcp finger 80 filtered tcp www 111 filtered tcp sunrpc TCP Sequence Prediction: Class=random positive increments Difficulty=107269 (Good luck!) Sequence numbers: FCB6A390 FCC29F06 FCCBA98A FCD5E4E7 FCE1E087 FCEFAED4 No OS matches for this host. TCP fingerprints: TSeq(Class=RI%gcd=1%SI=206AA) TSeq(Class=RI%gcd=1%SI=9C915) TSeq(Class=RI%gcd=1%SI=1A305) T1(Resp=Y%DF=N%W=10C0%ACK=S++%Flags=AS%Ops=M) T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=) T2(Resp=Y%DF=N%W=0%ACK=O%Flags=AR%Ops=) T3(Resp=Y%DF=N%W=10C0%ACK=S++%Flags=AS%Ops=M) T4(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=) T5(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=) T6(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=) T7(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=) T7(Resp=Y%DF=N%W=0%ACK=O%Flags=AR%Ops=) T7(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=) PU(Resp=N) Host unnamed.infotel.bg (212.39.65.2) appears to be up ... good. Initiating SYN half-open stealth scan against unnamed.infotel.bg (212.39.65.2) Adding TCP port 23 (state Open). Adding TCP port 79 (state Open). The SYN scan took 31 seconds to scan 120 ports. For OSScan assuming that port 23 is open and port 34976 is closed and neither are firewalled For OSScan assuming that port 23 is open and port 43700 is closed and neither are firewalled For OSScan assuming that port 23 is open and port 43897 is closed and neither are firewalled Interesting ports on unnamed.infotel.bg (212.39.65.2): Port State Protocol Service 21 filtered tcp ftp 23 open tcp telnet 49 filtered tcp unknown 79 open tcp finger 80 filtered tcp www 111 filtered tcp sunrpc TCP Sequence Prediction: Class=random positive increments Difficulty=111526 (Good luck!) Sequence numbers: 1BDE42A 1DD4865 1FC480C 21DC159 239F510 258491A No OS matches for this host. TCP fingerprints: TSeq(Class=RI%gcd=1%SI=192E5) TSeq(Class=RI%gcd=1%SI=9B208) TSeq(Class=RI%gcd=1%SI=1B3A6) T1(Resp=Y%DF=N%W=10C0%ACK=S++%Flags=AS%Ops=M) T2(Resp=Y%DF=N%W=0%ACK=O%Flags=AR%Ops=) T3(Resp=Y%DF=N%W=10C0%ACK=S++%Flags=AS%Ops=M) T4(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=) T5(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=) T6(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=) T7(Resp=Y%DF=N%W=0%ACK=O%Flags=AR%Ops=) PU(Resp=Y%DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E) <[ Again pink elefant .... ]> (Not.Iron - I'm liking them more;-) may be here is the place to curse you, ManiaX , because I'm reading this shit at 1:30am because they have to be ready for tomorrow......hmm.... Feel cursed :-) Host unnamed.infotel.bg (212.39.65.3) appears to be up ... good. Initiating SYN half-open stealth scan against unnamed.infotel.bg (212.39.65.3) Adding TCP port 23 (state Open). Adding TCP port 79 (state Open). The SYN scan took 22 seconds to scan 120 ports. For OSScan assuming that port 23 is open and port 36820 is closed and neither are firewalled Interesting ports on unnamed.infotel.bg (212.39.65.3): Port State Protocol Service 21 filtered tcp ftp 23 open tcp telnet 49 filtered tcp unknown 79 open tcp finger 80 filtered tcp www 111 filtered tcp sunrpc TCP Sequence Prediction: Class=random positive increments Difficulty=92712 (Worthy challenge) Sequence numbers: 4531BBC 462B6AE 470E99E 4822651 4922B7B 49F5CB8 Remote operating system guess: Cisco 25XX/45XX Router or 29XX switch (IOS 11.2) OS Fingerprint: TSeq(Class=RI%gcd=1%SI=16A28) T1(Resp=Y%DF=N%W=10C0%ACK=S++%Flags=AS%Ops=M) T2(Resp=Y%DF=N%W=0%ACK=O%Flags=AR%Ops=) T3(Resp=Y%DF=N%W=10C0%ACK=S++%Flags=AS%Ops=M) T4(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=) T5(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=) T6(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=) T7(Resp=Y%DF=N%W=0%ACK=O%Flags=AR%Ops=) PU(Resp=Y%DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E) Host unnamed.infotel.bg (212.39.65.4) appears to be up ... good. Initiating SYN half-open stealth scan against unnamed.infotel.bg (212.39.65.4) Adding TCP port 23 (state Open). Adding TCP port 79 (state Open). The SYN scan took 29 seconds to scan 120 ports. For OSScan assuming that port 23 is open and port 31502 is closed and neither are firewalled Interesting ports on unnamed.infotel.bg (212.39.65.4): Port State Protocol Service 21 filtered tcp ftp 23 open tcp telnet 49 filtered tcp unknown 79 open tcp finger 80 filtered tcp www 111 filtered tcp sunrpc TCP Sequence Prediction: Class=random positive increments Difficulty=54481 (Worthy challenge) Sequence numbers: 6C2D17E 6DF23BC 6FCE594 7196BE2 7374C28 7530DFF Remote operating system guess: Cisco 25XX/45XX Router or 29XX switch (IOS 11.2) OS Fingerprint: TSeq(Class=RI%gcd=1%SI=D4D1) T1(Resp=Y%DF=N%W=10C0%ACK=S++%Flags=AS%Ops=M) T2(Resp=Y%DF=N%W=0%ACK=O%Flags=AR%Ops=) T3(Resp=Y%DF=N%W=10C0%ACK=S++%Flags=AS%Ops=M) T4(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=) T5(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=) T6(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=) T7(Resp=Y%DF=N%W=0%ACK=O%Flags=AR%Ops=) PU(Resp=Y%DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E) Host unnamed.infotel.bg (212.39.65.5) appears to be up ... good. Initiating SYN half-open stealth scan against unnamed.infotel.bg (212.39.65.5) Adding TCP port 23 (state Open). Adding TCP port 79 (state Open). The SYN scan took 13 seconds to scan 120 ports. For OSScan assuming that port 23 is open and port 37963 is closed and neither are firewalled Interesting ports on unnamed.infotel.bg (212.39.65.5): Port State Protocol Service 21 filtered tcp ftp 23 open tcp telnet 49 filtered tcp unknown 79 open tcp finger 80 filtered tcp www 111 filtered tcp sunrpc TCP Sequence Prediction: Class=random positive increments Difficulty=74713 (Worthy challenge) Sequence numbers: 86905AA 874B195 882AAE1 88D6034 898B94F 8A56071 Remote operating system guess: Cisco 25XX/45XX Router or 29XX switch (IOS 11.2) OS Fingerprint: TSeq(Class=RI%gcd=1%SI=123D9) T1(Resp=Y%DF=N%W=10C0%ACK=S++%Flags=AS%Ops=M) T2(Resp=Y%DF=N%W=0%ACK=O%Flags=AR%Ops=) T3(Resp=Y%DF=N%W=10C0%ACK=S++%Flags=AS%Ops=M) T4(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=) T5(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=) T6(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=) T7(Resp=Y%DF=N%W=0%ACK=O%Flags=AR%Ops=) PU(Resp=Y%DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E) Host unnamed.infotel.bg (212.39.65.6) appears to be up ... good. Initiating SYN half-open stealth scan against unnamed.infotel.bg (212.39.65.6) Adding TCP port 23 (state Open). Adding TCP port 79 (state Open). The SYN scan took 16 seconds to scan 120 ports. For OSScan assuming that port 23 is open and port 38632 is closed and neither are firewalled For OSScan assuming that port 23 is open and port 38063 is closed and neither are firewalled Interesting ports on unnamed.infotel.bg (212.39.65.6): Port State Protocol Service 21 filtered tcp ftp 23 open tcp telnet 49 filtered tcp unknown 79 open tcp finger 80 filtered tcp www 111 filtered tcp sunrpc TCP Sequence Prediction: Class=random positive increments Difficulty=91434 (Worthy challenge) Sequence numbers: AC0C685 AD28E4C AE8606D AFB34D6 B0FCD9A B2398F9 Remote operating system guess: Cisco 25XX/45XX Router or 29XX switch (IOS 11.2) OS Fingerprint: TSeq(Class=RI%gcd=1%SI=1652A) T1(Resp=Y%DF=N%W=10C0%ACK=S++%Flags=AS%Ops=M) T2(Resp=Y%DF=N%W=0%ACK=O%Flags=AR%Ops=) T3(Resp=Y%DF=N%W=10C0%ACK=S++%Flags=AS%Ops=M) T4(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=) T5(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=) T6(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=) T7(Resp=Y%DF=N%W=0%ACK=O%Flags=AR%Ops=) PU(Resp=Y%DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E) Host unnamed.infotel.bg (212.39.65.7) appears to be down, skipping it. Host unnamed.infotel.bg (212.39.65.15) appears to be down, skipping it. Host unnamed.infotel.bg (212.39.65.15) seems to be a subnet broadcast address (returned 1 extra pings). Skipping host. Host unnamed.infotel.bg (212.39.65.16) appears to be down, skipping it. Host unnamed.infotel.bg (212.39.65.16) seems to be a subnet broadcast address (returned 1 extra pings). Skipping host. Host unnamed.infotel.bg (212.39.65.17) appears to be up ... good. Initiating SYN half-open stealth scan against unnamed.infotel.bg (212.39.65.17) The SYN scan took 11 seconds to scan 120 ports. Warning: No ports found open on this machine, OS detection will be MUCH less reliable Warning: No ports found open on this machine, OS detection will be MUCH less reliable Interesting ports on unnamed.infotel.bg (212.39.65.17): Port State Protocol Service 21 filtered tcp ftp 49 filtered tcp unknown 80 filtered tcp www 111 filtered tcp sunrpc Remote OS guesses: Cisco 7513/3640 Router (IOS 11.2(14)P), Cisco 25XX/45XX Router or 29XX switch (IOS 11.2), IBM Stackable Hub OS Fingerprint: T5(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=) T6(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=) T7(Resp=Y%DF=N%W=0%ACK=O%Flags=AR%Ops=) PU(Resp=N) Host unnamed.infotel.bg (212.39.65.18) appears to be up ... good. Initiating SYN half-open stealth scan against unnamed.infotel.bg (212.39.65.18) Adding TCP port 23 (state Open). Adding TCP port 79 (state Open). The SYN scan took 16 seconds to scan 120 ports. For OSScan assuming that port 23 is open and port 41288 is closed and neither are firewalled For OSScan assuming that port 23 is open and port 34587 is closed and neither are firewalled For OSScan assuming that port 23 is open and port 34911 is closed and neither are firewalled Interesting ports on unnamed.infotel.bg (212.39.65.18): Port State Protocol Service 21 filtered tcp ftp 23 open tcp telnet 49 filtered tcp unknown 79 open tcp finger 80 filtered tcp www 111 filtered tcp sunrpc TCP Sequence Prediction: Class=random positive increments Difficulty=153366 (Good luck!) Sequence numbers: FB1FF29 FC0B97D FC9B3C6 FD7F6C8 FE4AF65 FEE6762 No OS matches for this host. TCP fingerprints: TSeq(Class=RI%gcd=1%SI=949E2) TSeq(Class=RI%gcd=1%SI=2189D) TSeq(Class=RI%gcd=1%SI=25716) T1(Resp=Y%DF=N%W=10C0%ACK=S++%Flags=AS%Ops=M) T2(Resp=Y%DF=N%W=0%ACK=O%Flags=AR%Ops=) T3(Resp=Y%DF=N%W=10C0%ACK=S++%Flags=AS%Ops=M) T4(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=) T5(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=) T6(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=) T7(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=) T7(Resp=Y%DF=N%W=0%ACK=O%Flags=AR%Ops=) PU(Resp=Y%DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E) Host unnamed.infotel.bg (212.39.65.19) appears to be up ... good. Initiating SYN half-open stealth scan against unnamed.infotel.bg (212.39.65.19) Adding TCP port 23 (state Open). Adding TCP port 79 (state Open). The SYN scan took 12 seconds to scan 120 ports. For OSScan assuming that port 23 is open and port 42662 is closed and neither are firewalled Interesting ports on unnamed.infotel.bg (212.39.65.19): Port State Protocol Service 21 filtered tcp ftp 23 open tcp telnet 49 filtered tcp unknown 79 open tcp finger 80 filtered tcp www 111 filtered tcp sunrpc TCP Sequence Prediction: Class=random positive increments Difficulty=87562 (Worthy challenge) Sequence numbers: 10D0192D 10D9FE57 10E56649 10EF2A8F 10FC1FA3 110579DE Remote operating system guess: Cisco 25XX/45XX Router or 29XX switch (IOS 11.2) OS Fingerprint: TSeq(Class=RI%gcd=1%SI=1560A) T1(Resp=Y%DF=N%W=10C0%ACK=S++%Flags=AS%Ops=M) T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=) T3(Resp=Y%DF=N%W=10C0%ACK=S++%Flags=AS%Ops=M) T4(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=) T5(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=) T6(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=) T7(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=) PU(Resp=Y%DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E) Host unnamed.infotel.bg (212.39.65.20) appears to be down, skipping it. Host unnamed.infotel.bg (212.39.65.31) appears to be down, skipping it. Host unnamed.infotel.bg (212.39.65.31) seems to be a subnet broadcast address (returned 2 extra pings). Skipping host. Host unnamed.infotel.bg (212.39.65.32) appears to be down, skipping it. Host unnamed.infotel.bg (212.39.65.72) appears to be up ... good. Initiating SYN half-open stealth scan against unnamed.infotel.bg (212.39.65.72) The SYN scan took 398 seconds to scan 120 ports. Warning: No ports found open on this machine, OS detection will be MUCH less reliable Warning: No ports found open on this machine, OS detection will be MUCH less reliable Warning: No ports found open on this machine, OS detection will be MUCH less reliable Interesting ports on unnamed.infotel.bg (212.39.65.72): (Not showing ports in state: filtered) Port State Protocol Service No OS matches for this host. TCP fingerprints: T5(Resp=N) T6(Resp=N) T7(Resp=N) PU(Resp=N) Host unnamed.infotel.bg (212.39.65.73) appears to be down, skipping it. Host unnamed.infotel.bg (212.39.65.113) appears to be up ... good. Initiating SYN half-open stealth scan against unnamed.infotel.bg (212.39.65.113) The SYN scan took 398 seconds to scan 120 ports. Warning: No ports found open on this machine, OS detection will be MUCH less reliable Warning: No ports found open on this machine, OS detection will be MUCH less reliable Warning: No ports found open on this machine, OS detection will be MUCH less reliable Interesting ports on unnamed.infotel.bg (212.39.65.113): (Not showing ports in state: filtered) Port State Protocol Service No OS matches for this host. TCP fingerprints: T5(Resp=N) T6(Resp=N) T7(Resp=N) PU(Resp=N) Host unnamed.infotel.bg (212.39.65.114) appears to be down, skipping it. Host pppsof1.infotel.bg (212.39.65.129) appears to be up ... good. Initiating SYN half-open stealth scan against pppsof1.infotel.bg (212.39.65.129) RTTVAR has grown to over 2.3 seconds, decreasing to 2.0 RTTVAR has grown to over 2.3 seconds, decreasing to 2.0 The SYN scan took 441 seconds to scan 120 ports. Warning: No ports found open on this machine, OS detection will be MUCH less reliable Warning: No ports found open on this machine, OS detection will be MUCH less reliable Interesting ports on pppsof1.infotel.bg (212.39.65.129): Port State Protocol Service 21 filtered tcp ftp 49 filtered tcp unknown 80 filtered tcp www 111 filtered tcp sunrpc Remote OS guesses: Windows NT4 / Win95 / Win98, Windows NT 5 Beta2 OS Fingerprint: T5(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=) T6(Resp=Y%DF=N%W=0%ACK=S++%Flags=R%Ops=) T7(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=) PU(Resp=Y%DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E) Host pppsof2.infotel.bg (212.39.65.130) appears to be down, skipping it. Host pppsof3.infotel.bg (212.39.65.131) appears to be down, skipping it. Host pppsof4.infotel.bg (212.39.65.132) appears to be up ... good. Initiating SYN half-open stealth scan against pppsof4.infotel.bg (212.39.65.132) The SYN scan took 122 seconds to scan 120 ports. Warning: No ports found open on this machine, OS detection will be MUCH less reliable Interesting ports on pppsof4.infotel.bg (212.39.65.132): Port State Protocol Service 21 filtered tcp ftp 49 filtered tcp unknown 80 filtered tcp www 111 filtered tcp sunrpc Remote OS guesses: Windows NT4 / Win95 / Win98, Windows NT 5 Beta2 OS Fingerprint: T5(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=) T6(Resp=Y%DF=N%W=0%ACK=S++%Flags=R%Ops=) T7(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=) PU(Resp=Y%DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E) Host pppsof5.infotel.bg (212.39.65.133) appears to be up ... good. Initiating SYN half-open stealth scan against pppsof5.infotel.bg (212.39.65.133) The SYN scan took 33 seconds to scan 120 ports. Warning: No ports found open on this machine, OS detection will be MUCH less reliable Interesting ports on pppsof5.infotel.bg (212.39.65.133): Port State Protocol Service 21 filtered tcp ftp 49 filtered tcp unknown 80 filtered tcp www 111 filtered tcp sunrpc Remote OS guesses: Windows NT4 / Win95 / Win98, Windows NT 5 Beta2 OS Fingerprint: T5(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=) T6(Resp=Y%DF=N%W=0%ACK=S++%Flags=R%Ops=) T7(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=) PU(Resp=Y%DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E) Host pppsof6.infotel.bg (212.39.65.134) appears to be down, skipping it. Host pppsof7.infotel.bg (212.39.65.135) appears to be up ... good. Initiating SYN half-open stealth scan against pppsof7.infotel.bg (212.39.65.135) The SYN scan took 316 seconds to scan 120 ports. Warning: No ports found open on this machine, OS detection will be MUCH less reliable Interesting ports on pppsof7.infotel.bg (212.39.65.135): Port State Protocol Service 21 filtered tcp ftp 49 filtered tcp unknown 80 filtered tcp www 111 filtered tcp sunrpc Remote OS guesses: Windows NT4 / Win95 / Win98, Windows NT 5 Beta2 OS Fingerprint: T5(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=) T6(Resp=Y%DF=N%W=0%ACK=S++%Flags=R%Ops=) T7(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=) PU(Resp=Y%DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E) Host pppsof8.infotel.bg (212.39.65.136) appears to be down, skipping it. Host pppsof9.infotel.bg (212.39.65.137) appears to be down, skipping it. Host pppsof10.infotel.bg (212.39.65.138) appears to be up ... good. Initiating SYN half-open stealth scan against pppsof10.infotel.bg (212.39.65.138) The SYN scan took 397 seconds to scan 120 ports. Warning: No ports found open on this machine, OS detection will be MUCH less reliable Warning: No ports found open on this machine, OS detection will be MUCH less reliable Warning: No ports found open on this machine, OS detection will be MUCH less reliable Interesting ports on pppsof10.infotel.bg (212.39.65.138): (Not showing ports in state: filtered) Port State Protocol Service No OS matches for this host. TCP fingerprints: T5(Resp=N) T6(Resp=N) T7(Resp=N) PU(Resp=N) Host pppsof11.infotel.bg (212.39.65.139) appears to be up ... good. Initiating SYN half-open stealth scan against pppsof11.infotel.bg (212.39.65.139) The SYN scan took 78 seconds to scan 120 ports. Warning: No ports found open on this machine, OS detection will be MUCH less reliable Warning: No ports found open on this machine, OS detection will be MUCH less reliable Warning: No ports found open on this machine, OS detection will be MUCH less reliable Interesting ports on pppsof11.infotel.bg (212.39.65.139): Port State Protocol Service 21 filtered tcp ftp 49 filtered tcp unknown 80 filtered tcp www 111 filtered tcp sunrpc No OS matches for this host. TCP fingerprints: T5(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=) T6(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=) T7(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=) PU(Resp=Y%DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E) Host pppsof12.infotel.bg (212.39.65.140) appears to be down, skipping it. Host pppsof13.infotel.bg (212.39.65.141) appears to be up ... good. Initiating SYN half-open stealth scan against pppsof13.infotel.bg (212.39.65.141) The SYN scan took 397 seconds to scan 120 ports. Warning: No ports found open on this machine, OS detection will be MUCH less reliable Warning: No ports found open on this machine, OS detection will be MUCH less reliable Warning: No ports found open on this machine, OS detection will be MUCH less reliable Interesting ports on pppsof13.infotel.bg (212.39.65.141): (Not showing ports in state: filtered) Port State Protocol Service No OS matches for this host. TCP fingerprints: T5(Resp=N) T6(Resp=N) T7(Resp=N) PU(Resp=N) Host pppsof14.infotel.bg (212.39.65.142) appears to be down, skipping it. Host pppsof15.infotel.bg (212.39.65.143) appears to be down, skipping it. Host pppsof16.infotel.bg (212.39.65.144) appears to be down, skipping it. Host pppsof17.infotel.bg (212.39.65.145) appears to be up ... good. Initiating SYN half-open stealth scan against pppsof17.infotel.bg (212.39.65.145) Adding TCP port 59 (state Open). Adding TCP port 79 (state Open). Adding TCP port 113 (state Open). The SYN scan took 19 seconds to scan 120 ports. For OSScan assuming that port 59 is open and port 33587 is closed and neither are firewalled Interesting ports on pppsof17.infotel.bg (212.39.65.145): Port State Protocol Service 21 filtered tcp ftp 49 filtered tcp unknown 59 open tcp unknown 79 open tcp finger 80 filtered tcp www 111 filtered tcp sunrpc 113 open tcp auth TCP Sequence Prediction: Class=random positive increments Difficulty=476 (Medium) Sequence numbers: 753694 753AE5 753D62 7540FA 754876 Remote operating system guess: Windows NT4 / Win95 / Win98 OS Fingerprint: TSeq(Class=RI%gcd=1%SI=1DC) T1(Resp=Y%DF=Y%W=16D0%ACK=S++%Flags=AS%Ops=M) T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=) T3(Resp=Y%DF=Y%W=16D0%ACK=S++%Flags=AS%Ops=M) T4(Resp=N) T5(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=) T6(Resp=Y%DF=N%W=0%ACK=S++%Flags=R%Ops=) T7(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=) PU(Resp=Y%DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E) Host pppsof18.infotel.bg (212.39.65.146) appears to be down, skipping it. Host pppsof19.infotel.bg (212.39.65.147) appears to be up ... good. Initiating SYN half-open stealth scan against pppsof19.infotel.bg (212.39.65.147) The SYN scan took 397 seconds to scan 120 ports. Warning: No ports found open on this machine, OS detection will be MUCH less reliable Warning: No ports found open on this machine, OS detection will be MUCH less reliable Warning: No ports found open on this machine, OS detection will be MUCH less reliable Interesting ports on pppsof19.infotel.bg (212.39.65.147): (Not showing ports in state: filtered) Port State Protocol Service No OS matches for this host. TCP fingerprints: T5(Resp=N) T6(Resp=N) T7(Resp=N) PU(Resp=N) Host pppsof20.infotel.bg (212.39.65.148) appears to be down, skipping it. Host pppsof27.infotel.bg (212.39.65.155) appears to be down, skipping it. Host pppsof28.infotel.bg (212.39.65.156) appears to be up ... good. Initiating SYN half-open stealth scan against pppsof28.infotel.bg (212.39.65.156) The SYN scan took 16 seconds to scan 120 ports. Warning: No ports found open on this machine, OS detection will be MUCH less reliable Interesting ports on pppsof28.infotel.bg (212.39.65.156): Port State Protocol Service 21 filtered tcp ftp 49 filtered tcp unknown 80 filtered tcp www 111 filtered tcp sunrpc Remote OS guesses: Windows NT4 / Win95 / Win98, Windows NT 5 Beta2 OS Fingerprint: T5(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=) T6(Resp=Y%DF=N%W=0%ACK=S++%Flags=R%Ops=) T7(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=) PU(Resp=Y%DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E) Host pppsof29.infotel.bg (212.39.65.157) appears to be down, skipping it. Host pppsof30.infotel.bg (212.39.65.158) appears to be down, skipping it. Host unnamed.infotel.bg (212.39.65.159) appears to be down, skipping it. Host unnamed.infotel.bg (212.39.65.192) seems to be a subnet broadcast address (returned 2 extra pings). Skipping host. Host fpn.infotel.bg (212.39.65.193) appears to be up ... good. Initiating SYN half-open stealth scan against fpn.infotel.bg (212.39.65.193) Adding TCP port 9 (state Open). Adding TCP port 13 (state Open). Adding TCP port 53 (state Open). Adding TCP port 25 (state Open). Adding TCP port 7 (state Open). Adding TCP port 37 (state Open). Adding TCP port 23 (state Open). Adding TCP port 119 (state Open). Adding TCP port 79 (state Open). Adding TCP port 19 (state Open). Adding TCP port 110 (state Open). Adding TCP port 113 (state Open). The SYN scan took 19 seconds to scan 120 ports. For OSScan assuming that port 7 is open and port 44655 is closed and neither are firewalled Interesting ports on fpn.infotel.bg (212.39.65.193): Port State Protocol Service 7 open tcp echo 9 open tcp discard 13 open tcp daytime 19 open tcp chargen 21 filtered tcp ftp 23 open tcp telnet 25 open tcp smtp 37 open tcp time 49 filtered tcp unknown 53 open tcp domain 79 open tcp finger 80 filtered tcp www 110 open tcp pop3 111 filtered tcp sunrpc 113 open tcp auth 119 open tcp nntp TCP Sequence Prediction: Class=64K rule Difficulty=1 (Trivial joke) Sequence numbers: 50641400 50650E00 50660800 5067FC00 5069F000 Remote operating system guess: HP-UX 10.20 E 9000/777 or A 712/60 with tcp_random_seq = 0 OS Fingerprint: TSeq(Class=64K) T1(Resp=Y%DF=Y%W=8000%ACK=S++%Flags=AS%Ops=M) T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=) T3(Resp=Y%DF=Y%W=8000%ACK=O%Flags=A%Ops=) T4(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=) T5(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=) T6(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=) T7(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=) PU(Resp=Y%DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=0%UCK=E%ULEN=134%DAT=E) <[ :))) Just sits and wait to be f*cked.... ]> Host unnamed.infotel.bg (212.39.65.194) appears to be down, skipping it. Host db.infotel.bg (212.39.65.195) appears to be up ... good. Initiating SYN half-open stealth scan against db.infotel.bg (212.39.65.195) Adding TCP port 9 (state Open). Adding TCP port 13 (state Open). Adding TCP port 25 (state Open). Adding TCP port 7 (state Open). Adding TCP port 23 (state Open). Adding TCP port 37 (state Open). Adding TCP port 19 (state Open). Adding TCP port 113 (state Open). The SYN scan took 13 seconds to scan 120 ports. For OSScan assuming that port 7 is open and port 35861 is closed and neither are firewalled For OSScan assuming that port 7 is open and port 42889 is closed and neither are firewalled Interesting ports on db.infotel.bg (212.39.65.195): Port State Protocol Service 7 open tcp echo 9 open tcp discard 13 open tcp daytime 19 open tcp chargen 21 filtered tcp ftp 23 open tcp telnet 25 open tcp smtp 37 open tcp time 49 filtered tcp unknown 80 filtered tcp www 111 filtered tcp sunrpc 113 open tcp auth TCP Sequence Prediction: Class=64K rule Difficulty=1 (Trivial joke) Sequence numbers: 54185201 54194C01 541A4601 541B4001 541C3A01 541D3401 Remote operating system guess: HP-UX 10.20 E 9000/777 or A 712/60 with tcp_random_seq = 0 OS Fingerprint: TSeq(Class=64K) T1(Resp=Y%DF=Y%W=8000%ACK=S++%Flags=AS%Ops=M) T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=) T3(Resp=Y%DF=Y%W=8000%ACK=O%Flags=A%Ops=) T4(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=) T5(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=) T6(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=) T7(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=) PU(Resp=Y%DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=0%UCK=E%ULEN=134%DAT=E) <[ There could be some very interesting things on this machine... ]> Host www1.infotel.bg (212.39.65.196) appears to be up ... good. Initiating SYN half-open stealth scan against www1.infotel.bg (212.39.65.196) Adding TCP port 9 (state Open). Adding TCP port 13 (state Open). Adding TCP port 53 (state Open). Adding TCP port 25 (state Open). Adding TCP port 7 (state Open). Adding TCP port 23 (state Open). Adding TCP port 37 (state Open). Adding TCP port 79 (state Open). Adding TCP port 19 (state Open). Adding TCP port 110 (state Open). The SYN scan took 22 seconds to scan 120 ports. For OSScan assuming that port 7 is open and port 35473 is closed and neither are firewalled Interesting ports on www1.infotel.bg (212.39.65.196): Port State Protocol Service 7 open tcp echo 9 open tcp discard 13 open tcp daytime 19 open tcp chargen 21 filtered tcp ftp 23 open tcp telnet 25 open tcp smtp 37 open tcp time 49 filtered tcp unknown 53 open tcp domain 79 open tcp finger 80 filtered tcp www 110 open tcp pop3 111 filtered tcp sunrpc TCP Sequence Prediction: Class=64K rule Difficulty=1 (Trivial joke) Sequence numbers: 136F9600 13709000 13718A00 13728400 13737E00 13757200 Remote operating system guess: HP-UX 10.20 E 9000/777 or A 712/60 with tcp_random_seq = 0 OS Fingerprint: TSeq(Class=64K) T1(Resp=Y%DF=Y%W=8000%ACK=S++%Flags=AS%Ops=M) T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=) T3(Resp=Y%DF=Y%W=8000%ACK=O%Flags=A%Ops=) T4(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=) T5(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=) T6(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=) T7(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=) PU(Resp=Y%DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=0%UCK=E%ULEN=134%DAT=E) Host hdesk.gurko.cits.btc.bg (212.39.65.197) appears to be up ... good. Initiating SYN half-open stealth scan against hdesk.gurko.cits.btc.bg (212.39.65.197) Adding TCP port 9 (state Open). Adding TCP port 13 (state Open). Adding TCP port 53 (state Open). Adding TCP port 25 (state Open). Adding TCP port 7 (state Open). Adding TCP port 23 (state Open). Adding TCP port 37 (state Open). Adding TCP port 19 (state Open). Adding TCP port 113 (state Open). The SYN scan took 11 seconds to scan 120 ports. For OSScan assuming that port 7 is open and port 36042 is closed and neither are firewalled Insufficient responses for TCP sequencing (3), OS detection will be MUCH less reliable Interesting ports on hdesk.gurko.cits.btc.bg (212.39.65.197): Port State Protocol Service 7 open tcp echo 9 open tcp discard 13 open tcp daytime 19 open tcp chargen 21 filtered tcp ftp 23 open tcp telnet 25 open tcp smtp 37 open tcp time 49 filtered tcp unknown 53 open tcp domain 80 filtered tcp www 111 filtered tcp sunrpc 113 open tcp auth Remote OS guesses: HP-UX 10.20 E 9000/777 or A 712/60 with tcp_random_seq = 0, HP-UX 10.20 OS Fingerprint: T1(Resp=Y%DF=Y%W=8000%ACK=S++%Flags=AS%Ops=M) T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=) T3(Resp=Y%DF=Y%W=8000%ACK=O%Flags=A%Ops=) T4(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=) T5(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=) T6(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=) T7(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=) PU(Resp=Y%DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=0%UCK=E%ULEN=134%DAT=E) <[ Hdesk ? Sounds like HelpDesk ...gurko.cits sounds like it's possition ....has some one gone to CITS on Gurko str. ? :) ]> Host unnamed.infotel.bg (212.39.65.198) appears to be up ... good. Initiating SYN half-open stealth scan against unnamed.infotel.bg (212.39.65.198) Here it is: 3 4 13 1 0 0 0 0 45 0 1 52 1 28 40 0 3F 6 69 B4 C2 C EB C1 C2 8D 19 C1 66 FE C 38 59 B6 1D E Here it is: 3 4 13 1 0 0 0 0 45 0 1 52 1 28 40 0 3F 6 69 80 C2 C EB C1 C2 8D 19 C1 66 FE C 38 59 B6 1D E The SYN scan took 397 seconds to scan 120 ports. Warning: No ports found open on this machine, OS detection will be MUCH less reliable Warning: No ports found open on this machine, OS detection will be MUCH less reliable Warning: No ports found open on this machine, OS detection will be MUCH less reliable Interesting ports on unnamed.infotel.bg (212.39.65.198): (Not showing ports in state: filtered) Port State Protocol Service No OS matches for this host. TCP fingerprints: T5(Resp=N) T6(Resp=N) T7(Resp=N) PU(Resp=N) Host ibm2210.infotel.bg (212.39.65.199) appears to be up ... good. Initiating SYN half-open stealth scan against ibm2210.infotel.bg (212.39.65.199) Adding TCP port 9 (state Open). Adding TCP port 23 (state Open). The SYN scan took 22 seconds to scan 120 ports. For OSScan assuming that port 9 is open and port 31016 is closed and neither are firewalled For OSScan assuming that port 9 is open and port 34912 is closed and neither are firewalled WARNING: RST from port 9 -- is this port really open? For OSScan assuming that port 9 is open and port 30676 is closed and neither are firewalled Interesting ports on ibm2210.infotel.bg (212.39.65.199): Port State Protocol Service 9 open tcp discard 21 filtered tcp ftp 23 open tcp telnet 49 filtered tcp unknown 80 filtered tcp www 111 filtered tcp sunrpc TCP Sequence Prediction: Class=trivial time dependency Difficulty=8 (Trivial joke) Sequence numbers: 6F2501 6F2545 6F258A 6F25C8 6F2601 6F2651 No OS matches for this host. TCP fingerprints: TSeq(Class=TD%gcd=1%SI=1B) TSeq(Class=TD%gcd=1%SI=43) TSeq(Class=TD%gcd=1%SI=8) T1(Resp=Y%DF=N%W=200%ACK=S++%Flags=AS%Ops=ML) T2(Resp=N) T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=) T3(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=) T4(Resp=Y%DF=N%W=0%ACK=S++%Flags=R%Ops=) T5(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=) T6(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=) T6(Resp=Y%DF=N%W=0%ACK=S++%Flags=R%Ops=) T7(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=) PU(Resp=Y%DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E) Host br.infotel.bg (212.39.65.200) appears to be up ... good. Initiating SYN half-open stealth scan against br.infotel.bg (212.39.65.200) The SYN scan took 13 seconds to scan 120 ports. Warning: No ports found open on this machine, OS detection will be MUCH less reliable Warning: No ports found open on this machine, OS detection will be MUCH less reliable Warning: No ports found open on this machine, OS detection will be MUCH less reliable Interesting ports on br.infotel.bg (212.39.65.200): Port State Protocol Service 21 filtered tcp ftp 49 filtered tcp unknown 80 filtered tcp www 111 filtered tcp sunrpc No OS matches for this host. TCP fingerprints: T5(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=) T5(Resp=N) T6(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=) T6(Resp=N) T7(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=) T7(Resp=N) PU(Resp=N) Host unnamed.infotel.bg (212.39.65.201) appears to be down, skipping it. Host unnamed.infotel.bg (212.39.65.207) seems to be a subnet broadcast address (returned 1 extra pings). Skipping host. Host unnamed.infotel.bg (212.39.65.208) appears to be down, skipping it. Host unnamed.infotel.bg (212.39.65.208) seems to be a subnet broadcast address (returned 1 extra pings). Skipping host. Host db.infotel.bg (212.39.65.209) appears to be up ... good. Initiating SYN half-open stealth scan against db.infotel.bg (212.39.65.209) Adding TCP port 9 (state Open). Adding TCP port 13 (state Open). Adding TCP port 25 (state Open). Adding TCP port 7 (state Open). Adding TCP port 70 (state Firewalled). Adding TCP port 37 (state Open). Adding TCP port 19 (state Open). Adding TCP port 113 (state Open). Adding TCP port 43 (state Firewalled). Adding TCP port 23 (state Firewalled). The SYN scan took 16 seconds to scan 120 ports. For OSScan assuming that port 7 is open and port 30826 is closed and neither are firewalled For OSScan assuming that port 7 is open and port 30920 is closed and neither are firewalled Interesting ports on db.infotel.bg (212.39.65.209): Port State Protocol Service 7 open tcp echo 9 open tcp discard 13 open tcp daytime 19 open tcp chargen 21 filtered tcp ftp 23 filtered tcp telnet 25 open tcp smtp 37 open tcp time 43 filtered tcp whois 49 filtered tcp unknown 70 filtered tcp gopher 80 filtered tcp www 111 filtered tcp sunrpc 113 open tcp auth TCP Sequence Prediction: Class=64K rule Difficulty=1 (Trivial joke) Sequence numbers: 542DCE01 542EC801 542FC201 5430BC01 5431B601 5432B001 Remote operating system guess: HP-UX 10.20 E 9000/777 or A 712/60 with tcp_random_seq = 0 OS Fingerprint: TSeq(Class=64K) T1(Resp=Y%DF=Y%W=8000%ACK=S++%Flags=AS%Ops=M) T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=) T3(Resp=Y%DF=Y%W=8000%ACK=O%Flags=A%Ops=) T4(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=) T5(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=) T6(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=) T7(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=) PU(Resp=Y%DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=0%UCK=E%ULEN=134%DAT=E) Host fpn.infotel.bg (212.39.65.210) appears to be up ... good. Initiating SYN half-open stealth scan against fpn.infotel.bg (212.39.65.210) Adding TCP port 9 (state Open). Adding TCP port 13 (state Open). Adding TCP port 53 (state Open). Adding TCP port 25 (state Open). Adding TCP port 7 (state Open). Adding TCP port 70 (state Firewalled). Adding TCP port 37 (state Open). Adding TCP port 119 (state Open). Adding TCP port 79 (state Open). Adding TCP port 19 (state Open). Adding TCP port 110 (state Open). Adding TCP port 113 (state Open). Adding TCP port 23 (state Firewalled). Adding TCP port 43 (state Firewalled). The SYN scan took 19 seconds to scan 120 ports. For OSScan assuming that port 7 is open and port 38565 is closed and neither are firewalled Interesting ports on fpn.infotel.bg (212.39.65.210): Port State Protocol Service 7 open tcp echo 9 open tcp discard 13 open tcp daytime 19 open tcp chargen 21 filtered tcp ftp 23 filtered tcp telnet 25 open tcp smtp 37 open tcp time 43 filtered tcp whois 49 filtered tcp unknown 53 open tcp domain 70 filtered tcp gopher 79 open tcp finger 80 filtered tcp www 110 open tcp pop3 111 filtered tcp sunrpc 113 open tcp auth 119 open tcp nntp TCP Sequence Prediction: Class=64K rule Difficulty=1 (Trivial joke) Sequence numbers: 55BF2C00 55C21A00 55C60200 55C6FC00 55CAE400 55CBDE00 Remote operating system guess: HP-UX 10.20 E 9000/777 or A 712/60 with tcp_random_seq = 0 OS Fingerprint: TSeq(Class=64K) T1(Resp=Y%DF=Y%W=8000%ACK=S++%Flags=AS%Ops=M) T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=) T3(Resp=Y%DF=Y%W=8000%ACK=O%Flags=A%Ops=) T4(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=) T5(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=) T6(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=) T7(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=) PU(Resp=Y%DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=0%UCK=E%ULEN=134%DAT=E) Host www1.infotel.bg (212.39.65.211) appears to be up ... good. Initiating SYN half-open stealth scan against www1.infotel.bg (212.39.65.211) Adding TCP port 9 (state Open). Adding TCP port 13 (state Open). Adding TCP port 53 (state Open). Adding TCP port 25 (state Open). Adding TCP port 7 (state Open). Adding TCP port 23 (state Firewalled). Adding TCP port 37 (state Open). Adding TCP port 79 (state Open). Adding TCP port 70 (state Firewalled). Adding TCP port 19 (state Open). Adding TCP port 110 (state Open). Adding TCP port 43 (state Firewalled). The SYN scan took 15 seconds to scan 120 ports. For OSScan assuming that port 7 is open and port 43012 is closed and neither are firewalled Interesting ports on www1.infotel.bg (212.39.65.211): Port State Protocol Service 7 open tcp echo 9 open tcp discard 13 open tcp daytime 19 open tcp chargen 21 filtered tcp ftp 23 filtered tcp telnet 25 open tcp smtp 37 open tcp time 43 filtered tcp whois 49 filtered tcp unknown 53 open tcp domain 70 filtered tcp gopher 79 open tcp finger 80 filtered tcp www 110 open tcp pop3 111 filtered tcp sunrpc TCP Sequence Prediction: Class=64K rule Difficulty=1 (Trivial joke) Sequence numbers: 15658A00 15668400 15687800 15697200 156A6C00 156B6600 Remote operating system guess: HP-UX 10.20 E 9000/777 or A 712/60 with tcp_random_seq = 0 OS Fingerprint: TSeq(Class=64K) T1(Resp=Y%DF=Y%W=8000%ACK=S++%Flags=AS%Ops=M) T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=) T3(Resp=Y%DF=Y%W=8000%ACK=O%Flags=A%Ops=) T4(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=) T5(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=) T6(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=) T7(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=) PU(Resp=Y%DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=0%UCK=E%ULEN=134%DAT=E) Host fw.infotel.bg (212.39.65.212) appears to be up ... good. Initiating SYN half-open stealth scan against fw.infotel.bg (212.39.65.212) Adding TCP port 109 (state Open). Adding TCP port 53 (state Open). Adding TCP port 25 (state Open). Adding TCP port 23 (state Firewalled). Adding TCP port 119 (state Open). Adding TCP port 70 (state Firewalled). Adding TCP port 43 (state Firewalled). Adding TCP port 110 (state Open). The SYN scan took 13 seconds to scan 120 ports. For OSScan assuming that port 25 is open and port 34434 is closed and neither are firewalled For OSScan assuming that port 25 is open and port 33472 is closed and neither are firewalled Interesting ports on fw.infotel.bg (212.39.65.212): Port State Protocol Service 21 filtered tcp ftp 23 filtered tcp telnet 25 open tcp smtp 43 filtered tcp whois 49 filtered tcp unknown 53 open tcp domain 70 filtered tcp gopher 80 filtered tcp www 109 open tcp pop2 110 open tcp pop3 111 filtered tcp sunrpc 119 open tcp nntp TCP Sequence Prediction: Class=random positive increments Difficulty=22031 (Worthy challenge) Sequence numbers: 33F3C725 33F45449 33F4D856 33F596D9 33F7041A 33F8023D Remote operating system guess: HP-UX 10.20 OS Fingerprint: TSeq(Class=RI%gcd=1%SI=560F) T1(Resp=Y%DF=Y%W=8000%ACK=S++%Flags=AS%Ops=M) T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=) T3(Resp=Y%DF=Y%W=8000%ACK=O%Flags=A%Ops=) T4(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=) T5(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=) T6(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=) T7(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=) PU(Resp=Y%DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=0%UCK=E%ULEN=134%DAT=E) Host unnamed.infotel.bg (212.39.65.213) appears to be down, skipping it. Host unnamed.infotel.bg (212.39.65.214) appears to be down, skipping it. Host nb.infotel.bg (212.39.65.215) appears to be down, skipping it. Host switch.infotel.bg (212.39.65.216) appears to be up ... good. Initiating SYN half-open stealth scan against switch.infotel.bg (212.39.65.216) Adding TCP port 70 (state Firewalled). Adding TCP port 23 (state Firewalled). Adding TCP port 43 (state Firewalled). The SYN scan took 30 seconds to scan 120 ports. Warning: No ports found open on this machine, OS detection will be MUCH less reliable Interesting ports on switch.infotel.bg (212.39.65.216): Port State Protocol Service 21 filtered tcp ftp 23 filtered tcp telnet 43 filtered tcp whois 49 filtered tcp unknown 70 filtered tcp gopher 80 filtered tcp www 111 filtered tcp sunrpc Remote OS guesses: 3Com SuperStack II (unknown OS version), Asanta IntraStack Ethernet Switch (6014 DSB Versions: BP(2.06 ), FW(1.03 )), Asanta IntraSwitch 5324, AsanteHub 2072 Ethernet Hub OS Fingerprint: T5(Resp=Y%DF=N%W=0%ACK=S++%Flags=APR%Ops=) T6(Resp=Y%DF=N%W=0%ACK=S%Flags=APR%Ops=) T7(Resp=Y%DF=N%W=0%ACK=S%Flags=APR%Ops=) PU(Resp=Y%DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E) Host unnamed.infotel.bg (212.39.65.217) appears to be down, skipping it. Host unnamed.infotel.bg (212.39.65.218) appears to be down, skipping it. Host unnamed.infotel.bg (212.39.65.219) appears to be down, skipping it. Host unnamed.infotel.bg (212.39.65.220) appears to be down, skipping it. Host br.infotel.bg (212.39.65.221) appears to be up ... good. Initiating SYN half-open stealth scan against br.infotel.bg (212.39.65.221) The SYN scan took 18 seconds to scan 120 ports. Warning: No ports found open on this machine, OS detection will be MUCH less reliable Warning: No ports found open on this machine, OS detection will be MUCH less reliable Warning: No ports found open on this machine, OS detection will be MUCH less reliable Interesting ports on br.infotel.bg (212.39.65.221): Port State Protocol Service 21 filtered tcp ftp 49 filtered tcp unknown 80 filtered tcp www 111 filtered tcp sunrpc No OS matches for this host. TCP fingerprints: T5(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=) T6(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=) T7(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=) PU(Resp=N) Host unnamed.infotel.bg (212.39.65.222) appears to be down, skipping it. Host unnamed.infotel.bg (212.39.65.223) appears to be down, skipping it. Host unnamed.infotel.bg (212.39.65.223) seems to be a subnet broadcast address (returned 1 extra pings). Skipping host. Host unnamed.infotel.bg (212.39.65.224) appears to be down, skipping it. Host unnamed.infotel.bg (212.39.65.255) appears to be down, skipping it. Nmap run completed -- 512 IP addresses (75 hosts up) scanned in 15926 seconds <[So ... for the statistics - 13 Ciscos, 10 Windows machines... Does this look like a small provider that won't kill the others ? ]> 1.4. sendmail, qmail - mail agents, versions Here it will be very good to use the EXPN command, which gives all the aliases for a given address ...example: Trying 194.12.224.34... Connected to home.nat.bg. Escape character is '^]'. 220 home.ntrl.net ESMTP Sendmail My/Config; Sun, 18 Jul 1999 18:59:21 +0300 HELO my.machine.com 250 home.ntrl.net Hello root@doom.damned.net [14.122.25.14], pleased to meet you EXPN root 250 EXPN delian 250 EXPN postmaster 250 QUIT 221 home.ntrl.net closing connection Here you can see how all the mail of the root account is forwarded to postmaster. This way you can see which one is root's unprvileged account, as usually the admins forward the root's email to their own. 1.5. web - the different serverices that are avialable, the sites hosted there, emails of the technical and administrative contacts (easy to phish), mrtg, different DBs, avialable from the web,like lotus notes and user-supports, etc. <[ Here for example i can give you BIA's and Naturella's (now Lirex) systems - you can get a lot of information about the user who's account you're using...... Anyone can try this, even under windows :) ]> 1.6. FTP - annonymous ftp server, open incoming directory, favourable files on the server. I've used the FTP server of Sofia University for example (ftp.uni-sofia.bg). From the begining you can see some interesting things, like that there resides ftp.bguug.bg or it's mirror, which is on another HDD (when you go to that directory, you can see lost+found directory, which is created at every ext2fs' partiton's root directiory). Looks like there is connection between bguug and uni-sofia .... <[ Some more information become avialable after the completion of the article, as ftp.bguug.bg was on a sepatate machine which blew up, and because nobody cares about it it still resides there ]> Another interesting thing is that there are 2 public writeable directorutes, incoming and hdd (???), but both aren't readable for the annonymous ftp user. In the /pub directory you can find things such as software for MacOS, OS/2, win31, win95, winNT, dos... In fact, the pub directory of every school/corporation/etc. can tell you the type of software that is used within it, just because nobody leaves something he doesn't use/need on his ftp server. This way, you can find that for exampe someone uses wingate .... :) 1.7. SNMP - interfaces,netstats,easy portscan. Creating of a map of the network based on SNMP. Example sump of a SNMP database: system.sysDescr.0 = OCTET STRING: "Linux xxx 2.2.10 i586" system.sysObjectID.0 = OBJECT IDENTIFIER: enterprises.tubs.ibr.linuxMIB system.sysUpTime.0 = Timeticks: (42416875) 4 days, 21:49:28 system.sysContact.0 = OCTET STRING: "Not Configured" system.sysName.0 = OCTET STRING: "xxx" Hex: 65 6F 73 system.sysLocation.0 = OCTET STRING: "Not Configured" system.sysServices.0 = INTEGER: 72 system.sysORLastChange.0 = Timeticks: (0) 0:00:00 system.sysORTable.sysOREntry.sysORID.1 = OBJECT IDENTIFIER: enterprises.tubs.ibr.linuxMIB.1.1 system.sysORTable.sysOREntry.sysORDescr.1 = OCTET STRING: "LINUX agent" system.sysORTable.sysOREntry.sysORUpTime.1 = Timeticks: (42416876) 4 days, 21:49:28 <[ System's identification... uptime, name, location ]> interfaces.ifNumber.0 = INTEGER: 9 <[ number of the interfaces on the machine... ]> interfaces.ifTable.ifEntry.ifIndex.1 = INTEGER: 1 interfaces.ifTable.ifEntry.ifIndex.2 = INTEGER: 2 interfaces.ifTable.ifEntry.ifIndex.3 = INTEGER: 3 interfaces.ifTable.ifEntry.ifIndex.4 = INTEGER: 4 interfaces.ifTable.ifEntry.ifIndex.5 = INTEGER: 5 interfaces.ifTable.ifEntry.ifIndex.6 = INTEGER: 6 interfaces.ifTable.ifEntry.ifIndex.7 = INTEGER: 7 interfaces.ifTable.ifEntry.ifIndex.8 = INTEGER: 8 interfaces.ifTable.ifEntry.ifIndex.9 = INTEGER: 9 interfaces.ifTable.ifEntry.ifDescr.1 = OCTET STRING: "lo" Hex: 6C 6F interfaces.ifTable.ifEntry.ifDescr.2 = OCTET STRING: "eth0" Hex: 65 74 68 30 interfaces.ifTable.ifEntry.ifDescr.3 = OCTET STRING: "dummy0" interfaces.ifTable.ifEntry.ifDescr.4 = OCTET STRING: "ppp0" Hex: 70 70 70 30 interfaces.ifTable.ifEntry.ifDescr.5 = OCTET STRING: "ppp5" Hex: 70 70 70 35 interfaces.ifTable.ifEntry.ifDescr.6 = OCTET STRING: "ppp1" Hex: 70 70 70 31 interfaces.ifTable.ifEntry.ifDescr.7 = OCTET STRING: "ppp3" Hex: 70 70 70 33 interfaces.ifTable.ifEntry.ifDescr.8 = OCTET STRING: "ppp4" Hex: 70 70 70 34 interfaces.ifTable.ifEntry.ifDescr.9 = OCTET STRING: "ppp2" Hex: 70 70 70 32 <[ The part aboe just tells the interfaces' names ]> interfaces.ifTable.ifEntry.ifType.1 = INTEGER: softwareLoopback(24) interfaces.ifTable.ifEntry.ifType.2 = INTEGER: ethernet-csmacd(6) interfaces.ifTable.ifEntry.ifType.3 = INTEGER: other(1) interfaces.ifTable.ifEntry.ifType.4 = INTEGER: ppp(23) interfaces.ifTable.ifEntry.ifType.5 = INTEGER: ppp(23) interfaces.ifTable.ifEntry.ifType.6 = INTEGER: ppp(23) interfaces.ifTable.ifEntry.ifType.7 = INTEGER: ppp(23) interfaces.ifTable.ifEntry.ifType.8 = INTEGER: ppp(23) interfaces.ifTable.ifEntry.ifType.9 = INTEGER: ppp(23) interfaces.ifTable.ifEntry.ifMtu.1 = INTEGER: 3924 interfaces.ifTable.ifEntry.ifMtu.2 = INTEGER: 1500 interfaces.ifTable.ifEntry.ifMtu.3 = INTEGER: 1500 interfaces.ifTable.ifEntry.ifMtu.4 = INTEGER: 576 interfaces.ifTable.ifEntry.ifMtu.5 = INTEGER: 1500 interfaces.ifTable.ifEntry.ifMtu.6 = INTEGER: 576 interfaces.ifTable.ifEntry.ifMtu.7 = INTEGER: 1500 interfaces.ifTable.ifEntry.ifMtu.8 = INTEGER: 1500 interfaces.ifTable.ifEntry.ifMtu.9 = INTEGER: 1500 interfaces.ifTable.ifEntry.ifSpeed.1 = Gauge: 10000000 interfaces.ifTable.ifEntry.ifSpeed.2 = Gauge: 10000000 interfaces.ifTable.ifEntry.ifSpeed.3 = Gauge: 0 interfaces.ifTable.ifEntry.ifSpeed.4 = Gauge: 28800 interfaces.ifTable.ifEntry.ifSpeed.5 = Gauge: 28800 interfaces.ifTable.ifEntry.ifSpeed.6 = Gauge: 28800 interfaces.ifTable.ifEntry.ifSpeed.7 = Gauge: 28800 interfaces.ifTable.ifEntry.ifSpeed.8 = Gauge: 28800 interfaces.ifTable.ifEntry.ifSpeed.9 = Gauge: 28800 <[ some parametrs ..... ]> interfaces.ifTable.ifEntry.ifPhysAddress.1 = OCTET STRING: Hex: 00 00 00 00 00 00 interfaces.ifTable.ifEntry.ifPhysAddress.2 = OCTET STRING: Hex: 52 54 AB DD 28 47 interfaces.ifTable.ifEntry.ifPhysAddress.3 = OCTET STRING: Hex: 00 00 00 00 00 00 interfaces.ifTable.ifEntry.ifPhysAddress.4 = OCTET STRING: Hex: 00 00 00 00 00 00 interfaces.ifTable.ifEntry.ifPhysAddress.5 = OCTET STRING: Hex: 00 00 00 00 00 00 interfaces.ifTable.ifEntry.ifPhysAddress.6 = OCTET STRING: Hex: 00 00 00 00 00 00 interfaces.ifTable.ifEntry.ifPhysAddress.7 = OCTET STRING: Hex: 00 00 00 00 00 00 interfaces.ifTable.ifEntry.ifPhysAddress.8 = OCTET STRING: Hex: 00 00 00 00 00 00 interfaces.ifTable.ifEntry.ifPhysAddress.9 = OCTET STRING: Hex: 00 00 00 00 00 00 interfaces.ifTable.ifEntry.ifAdminStatus.1 = INTEGER: up(1) interfaces.ifTable.ifEntry.ifAdminStatus.2 = INTEGER: up(1) interfaces.ifTable.ifEntry.ifAdminStatus.3 = INTEGER: up(1) interfaces.ifTable.ifEntry.ifAdminStatus.4 = INTEGER: up(1) interfaces.ifTable.ifEntry.ifAdminStatus.5 = INTEGER: down(2) interfaces.ifTable.ifEntry.ifAdminStatus.6 = INTEGER: up(1) interfaces.ifTable.ifEntry.ifAdminStatus.7 = INTEGER: down(2) interfaces.ifTable.ifEntry.ifAdminStatus.8 = INTEGER: down(2) interfaces.ifTable.ifEntry.ifAdminStatus.9 = INTEGER: down(2) interfaces.ifTable.ifEntry.ifOperStatus.1 = INTEGER: up(1) interfaces.ifTable.ifEntry.ifOperStatus.2 = INTEGER: up(1) interfaces.ifTable.ifEntry.ifOperStatus.3 = INTEGER: up(1) interfaces.ifTable.ifEntry.ifOperStatus.4 = INTEGER: up(1) interfaces.ifTable.ifEntry.ifOperStatus.5 = INTEGER: down(2) interfaces.ifTable.ifEntry.ifOperStatus.6 = INTEGER: up(1) interfaces.ifTable.ifEntry.ifOperStatus.7 = INTEGER: down(2) interfaces.ifTable.ifEntry.ifOperStatus.8 = INTEGER: down(2) interfaces.ifTable.ifEntry.ifOperStatus.9 = INTEGER: down(2) interfaces.ifTable.ifEntry.ifLastChange.1 = Timeticks: (0) 0:00:00 interfaces.ifTable.ifEntry.ifLastChange.2 = Timeticks: (0) 0:00:00 interfaces.ifTable.ifEntry.ifLastChange.3 = Timeticks: (0) 0:00:00 interfaces.ifTable.ifEntry.ifLastChange.4 = Timeticks: (0) 0:00:00 interfaces.ifTable.ifEntry.ifLastChange.5 = Timeticks: (0) 0:00:00 interfaces.ifTable.ifEntry.ifLastChange.6 = Timeticks: (0) 0:00:00 interfaces.ifTable.ifEntry.ifLastChange.7 = Timeticks: (0) 0:00:00 interfaces.ifTable.ifEntry.ifLastChange.8 = Timeticks: (0) 0:00:00 interfaces.ifTable.ifEntry.ifLastChange.9 = Timeticks: (0) 0:00:00 interfaces.ifTable.ifEntry.ifInOctets.1 = Counter: 176674335 interfaces.ifTable.ifEntry.ifInOctets.2 = Counter: 139040096 interfaces.ifTable.ifEntry.ifInOctets.3 = Counter: 0 interfaces.ifTable.ifEntry.ifInOctets.4 = Counter: 167871867 interfaces.ifTable.ifEntry.ifInOctets.5 = Counter: 3721 interfaces.ifTable.ifEntry.ifInOctets.6 = Counter: 57281 interfaces.ifTable.ifEntry.ifInOctets.7 = Counter: 218308 interfaces.ifTable.ifEntry.ifInOctets.8 = Counter: 31701 interfaces.ifTable.ifEntry.ifInOctets.9 = Counter: 3920 interfaces.ifTable.ifEntry.ifInUcastPkts.1 = Counter: 2160934 interfaces.ifTable.ifEntry.ifInUcastPkts.2 = Counter: 836960 interfaces.ifTable.ifEntry.ifInUcastPkts.3 = Counter: 0 interfaces.ifTable.ifEntry.ifInUcastPkts.4 = Counter: 613948 interfaces.ifTable.ifEntry.ifInUcastPkts.5 = Counter: 107 interfaces.ifTable.ifEntry.ifInUcastPkts.6 = Counter: 2313 interfaces.ifTable.ifEntry.ifInUcastPkts.7 = Counter: 3234 interfaces.ifTable.ifEntry.ifInUcastPkts.8 = Counter: 464 interfaces.ifTable.ifEntry.ifInUcastPkts.9 = Counter: 46 interfaces.ifTable.ifEntry.ifInNUcastPkts.1 = Counter: 0 interfaces.ifTable.ifEntry.ifInNUcastPkts.2 = Counter: 0 interfaces.ifTable.ifEntry.ifInNUcastPkts.3 = Counter: 0 interfaces.ifTable.ifEntry.ifInNUcastPkts.4 = Counter: 0 interfaces.ifTable.ifEntry.ifInNUcastPkts.5 = Counter: 0 interfaces.ifTable.ifEntry.ifInNUcastPkts.6 = Counter: 0 interfaces.ifTable.ifEntry.ifInNUcastPkts.7 = Counter: 0 interfaces.ifTable.ifEntry.ifInNUcastPkts.8 = Counter: 0 interfaces.ifTable.ifEntry.ifInNUcastPkts.9 = Counter: 0 interfaces.ifTable.ifEntry.ifInDiscards.1 = Counter: 0 interfaces.ifTable.ifEntry.ifInDiscards.2 = Counter: 0 interfaces.ifTable.ifEntry.ifInDiscards.3 = Counter: 0 interfaces.ifTable.ifEntry.ifInDiscards.4 = Counter: 0 interfaces.ifTable.ifEntry.ifInDiscards.5 = Counter: 0 interfaces.ifTable.ifEntry.ifInDiscards.6 = Counter: 0 interfaces.ifTable.ifEntry.ifInDiscards.7 = Counter: 0 interfaces.ifTable.ifEntry.ifInDiscards.8 = Counter: 0 interfaces.ifTable.ifEntry.ifInDiscards.9 = Counter: 0 interfaces.ifTable.ifEntry.ifInErrors.1 = Counter: 0 interfaces.ifTable.ifEntry.ifInErrors.2 = Counter: 0 interfaces.ifTable.ifEntry.ifInErrors.3 = Counter: 0 interfaces.ifTable.ifEntry.ifInErrors.4 = Counter: 20 interfaces.ifTable.ifEntry.ifInErrors.5 = Counter: 0 interfaces.ifTable.ifEntry.ifInErrors.6 = Counter: 2 interfaces.ifTable.ifEntry.ifInErrors.7 = Counter: 0 interfaces.ifTable.ifEntry.ifInErrors.8 = Counter: 0 interfaces.ifTable.ifEntry.ifInErrors.9 = Counter: 0 interfaces.ifTable.ifEntry.ifInUnknownProtos.1 = Counter: 0 interfaces.ifTable.ifEntry.ifInUnknownProtos.2 = Counter: 0 interfaces.ifTable.ifEntry.ifInUnknownProtos.3 = Counter: 0 interfaces.ifTable.ifEntry.ifInUnknownProtos.4 = Counter: 0 interfaces.ifTable.ifEntry.ifInUnknownProtos.5 = Counter: 0 interfaces.ifTable.ifEntry.ifInUnknownProtos.6 = Counter: 0 interfaces.ifTable.ifEntry.ifInUnknownProtos.7 = Counter: 0 interfaces.ifTable.ifEntry.ifInUnknownProtos.8 = Counter: 0 interfaces.ifTable.ifEntry.ifInUnknownProtos.9 = Counter: 0 interfaces.ifTable.ifEntry.ifOutOctets.1 = Counter: 176674335 interfaces.ifTable.ifEntry.ifOutOctets.2 = Counter: 237343906 interfaces.ifTable.ifEntry.ifOutOctets.3 = Counter: 1641685 interfaces.ifTable.ifEntry.ifOutOctets.4 = Counter: 35680061 interfaces.ifTable.ifEntry.ifOutOctets.5 = Counter: 3173 interfaces.ifTable.ifEntry.ifOutOctets.6 = Counter: 208146 interfaces.ifTable.ifEntry.ifOutOctets.7 = Counter: 1196797 interfaces.ifTable.ifEntry.ifOutOctets.8 = Counter: 120353 interfaces.ifTable.ifEntry.ifOutOctets.9 = Counter: 4279 interfaces.ifTable.ifEntry.ifOutUcastPkts.1 = Counter: 2160934 interfaces.ifTable.ifEntry.ifOutUcastPkts.2 = Counter: 827267 interfaces.ifTable.ifEntry.ifOutUcastPkts.3 = Counter: 3865 interfaces.ifTable.ifEntry.ifOutUcastPkts.4 = Counter: 556396 interfaces.ifTable.ifEntry.ifOutUcastPkts.5 = Counter: 103 interfaces.ifTable.ifEntry.ifOutUcastPkts.6 = Counter: 2286 interfaces.ifTable.ifEntry.ifOutUcastPkts.7 = Counter: 3688 interfaces.ifTable.ifEntry.ifOutUcastPkts.8 = Counter: 433 interfaces.ifTable.ifEntry.ifOutUcastPkts.9 = Counter: 50 interfaces.ifTable.ifEntry.ifOutNUcastPkts.1 = Counter: 0 interfaces.ifTable.ifEntry.ifOutNUcastPkts.2 = Counter: 0 interfaces.ifTable.ifEntry.ifOutNUcastPkts.3 = Counter: 0 interfaces.ifTable.ifEntry.ifOutNUcastPkts.4 = Counter: 0 interfaces.ifTable.ifEntry.ifOutNUcastPkts.5 = Counter: 0 interfaces.ifTable.ifEntry.ifOutNUcastPkts.6 = Counter: 0 interfaces.ifTable.ifEntry.ifOutNUcastPkts.7 = Counter: 0 interfaces.ifTable.ifEntry.ifOutNUcastPkts.8 = Counter: 0 interfaces.ifTable.ifEntry.ifOutNUcastPkts.9 = Counter: 0 interfaces.ifTable.ifEntry.ifOutDiscards.1 = Counter: 0 interfaces.ifTable.ifEntry.ifOutDiscards.2 = Counter: 0 interfaces.ifTable.ifEntry.ifOutDiscards.3 = Counter: 0 interfaces.ifTable.ifEntry.ifOutDiscards.4 = Counter: 0 interfaces.ifTable.ifEntry.ifOutDiscards.5 = Counter: 0 interfaces.ifTable.ifEntry.ifOutDiscards.6 = Counter: 0 interfaces.ifTable.ifEntry.ifOutDiscards.7 = Counter: 0 interfaces.ifTable.ifEntry.ifOutDiscards.8 = Counter: 0 interfaces.ifTable.ifEntry.ifOutDiscards.9 = Counter: 0 interfaces.ifTable.ifEntry.ifOutErrors.1 = Counter: 0 interfaces.ifTable.ifEntry.ifOutErrors.2 = Counter: 920 interfaces.ifTable.ifEntry.ifOutErrors.3 = Counter: 0 interfaces.ifTable.ifEntry.ifOutErrors.4 = Counter: 0 interfaces.ifTable.ifEntry.ifOutErrors.5 = Counter: 0 interfaces.ifTable.ifEntry.ifOutErrors.6 = Counter: 0 interfaces.ifTable.ifEntry.ifOutErrors.7 = Counter: 0 interfaces.ifTable.ifEntry.ifOutErrors.8 = Counter: 0 interfaces.ifTable.ifEntry.ifOutErrors.9 = Counter: 0 interfaces.ifTable.ifEntry.ifOutQLen.1 = Gauge: 0 interfaces.ifTable.ifEntry.ifOutQLen.2 = Gauge: 0 interfaces.ifTable.ifEntry.ifOutQLen.3 = Gauge: 0 interfaces.ifTable.ifEntry.ifOutQLen.4 = Gauge: 0 interfaces.ifTable.ifEntry.ifOutQLen.5 = Gauge: 0 interfaces.ifTable.ifEntry.ifOutQLen.6 = Gauge: 0 interfaces.ifTable.ifEntry.ifOutQLen.7 = Gauge: 0 interfaces.ifTable.ifEntry.ifOutQLen.8 = Gauge: 0 interfaces.ifTable.ifEntry.ifOutQLen.9 = Gauge: 0 interfaces.ifTable.ifEntry.ifSpecific.1 = OBJECT IDENTIFIER: .ccitt.0 interfaces.ifTable.ifEntry.ifSpecific.2 = OBJECT IDENTIFIER: .ccitt.0 interfaces.ifTable.ifEntry.ifSpecific.3 = OBJECT IDENTIFIER: .ccitt.0 interfaces.ifTable.ifEntry.ifSpecific.4 = OBJECT IDENTIFIER: .ccitt.0 interfaces.ifTable.ifEntry.ifSpecific.5 = OBJECT IDENTIFIER: .ccitt.0 interfaces.ifTable.ifEntry.ifSpecific.6 = OBJECT IDENTIFIER: .ccitt.0 interfaces.ifTable.ifEntry.ifSpecific.7 = OBJECT IDENTIFIER: .ccitt.0 interfaces.ifTable.ifEntry.ifSpecific.8 = OBJECT IDENTIFIER: .ccitt.0 interfaces.ifTable.ifEntry.ifSpecific.9 = OBJECT IDENTIFIER: .ccitt.0 <[ Interfaces' status ....... ]> at.atTable.atEntry.atIfIndex.2.1.192.168.0.4 = INTEGER: 2 at.atTable.atEntry.atIfIndex.2.1.12.32.42.194 = INTEGER: 2 at.atTable.atEntry.atIfIndex.2.1.12.32.42.195 = INTEGER: 2 at.atTable.atEntry.atIfIndex.2.1.12.32.42.199 = INTEGER: 2 at.atTable.atEntry.atPhysAddress.2.1.192.168.0.4 = OCTET STRING: Hex: 00 20 AF 3C 07 F7 at.atTable.atEntry.atPhysAddress.2.1.12.32.42.194 = OCTET STRING: Hex: 00 20 AF 90 C9 9E at.atTable.atEntry.atPhysAddress.2.1.12.32.42.195 = OCTET STRING: Hex: 00 00 21 00 0C 90 at.atTable.atEntry.atPhysAddress.2.1.12.32.42.199 = OCTET STRING: Hex: 00 00 21 00 0C 90 at.atTable.atEntry.atNetAddress.2.1.192.168.0.4 = IpAddress: 192.168.0.4 at.atTable.atEntry.atNetAddress.2.1.12.32.42.194 = IpAddress: 12.32.42.194 at.atTable.atEntry.atNetAddress.2.1.12.32.42.195 = IpAddress: 12.32.42.195 at.atTable.atEntry.atNetAddress.2.1.12.32.42.199 = IpAddress: 12.32.42.199 <[ at - address translation .......... ]> ip.ipForwarding.0 = INTEGER: forwarding(1) ip.ipDefaultTTL.0 = INTEGER: 64 ip.ipInReceives.0 = Counter: 4450847 ip.ipInHdrErrors.0 = Counter: 0 ip.ipInAddrErrors.0 = Counter: 0 ip.ipForwDatagrams.0 = Counter: 617086 ip.ipInUnknownProtos.0 = Counter: 0 ip.ipInDiscards.0 = Counter: 0 ip.ipInDelivers.0 = Counter: 2166415 ip.ipOutRequests.0 = Counter: 3754208 ip.ipOutDiscards.0 = Counter: 2063 ip.ipOutNoRoutes.0 = Counter: 0 ip.ipReasmTimeout.0 = INTEGER: 0 ip.ipReasmReqds.0 =