Tobias Ulmer wrote:
> Wow fun :) (the IP is from your mail, don't know if this is the firewall
> or what and I didn't look at other IPs around it.)
>
> uran:tobiasu$ nmap -vv -P0 66.18.218.36
>
> Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2006-08-10 10:05
> CEST
> DNS resolution of 1 IPs took 7.02s.
> Initiating Connect() Scan against dsl-cap-66-18-218-36-cgy.nucleus.com
> (66.18.218.36) [1680 ports] at 10:05
> Discovered open port 53/tcp on 66.18.218.36
> Discovered open port 443/tcp on 66.18.218.36
> Discovered open port 22/tcp on 66.18.218.36
> Connect() Scan Timing: About 9.26% done; ETC: 10:11 (0:04:55 remaining)
> Increasing send delay for 66.18.218.36 from 0 to 5 due to
> max_successful_tryno increase to 4
> caught SIGINT signal, cleaning up
> uran:tobiasu$ telnet 66.18.218.36 22
> Trying 66.18.218.36...
> Connected to 66.18.218.36.
> Escape character is '^]'.
> SSH-1.99-OpenSSH_3.9 << 3.9 is a bit dated, don't you think (2004)?

Yes, I think it is a bit dated, which is why I want to replace it,
something I'm doing as soon as I get the hardware I've ordered.

> quit
> Protocol mismatch.
> Connection closed by foreign host.
> uran:tobiasu$ nslookup
>
>
>> server 66.18.218.36
> Default server: 66.18.218.36
> Address: 66.18.218.36#53
>> www.heise.de
> Server: 66.18.218.36
> Address: 66.18.218.36#53
>
> Non-authoritative answer:
> Name: www.heise.de
> Address: 193.99.144.85 << nice open nameserver (useful to flood other
> networks) :)

Yes, it is.

> The log messages may be the result of a trojan that tries to infect other
> hosts in the network.

Right -- but it still doesn't explain why I would be getting "Connection
closed by {host}" messages when the host is not even connected.

Thanks,
-Stephen-