There is an uninvited guest using my private WLAN. At first I figured it was probably a tech-savvy neighbour who needed internet access. I really didn't mind.
But I noticed that they always seem to connect the same three devices at the same time, which piqued my curiosity. I decided to investigate, so that I could find out exactly what this person is doing.
Naturally, I started the process by firing up nmap. It reported several cryptic and/or unknown services bound to various arbitrary or unusual open TCP port numbers.
This brings me to the question at hand:
What next? What more can I do to investigate and/or identify "unknown services" in a situation like this? Where does nmap fall short?
Nmap report:
root@localhost:~# nmap -A 10.1.1.2-7 -p 1-65535
Starting Nmap 6.47 ( http://nmap.org ) at 2016-05-21 15:31 EDT
Stats: 2:22:10 elapsed; 3 hosts completed (3 up), 3 undergoing SYN Stealth Scan
SYN Stealth Scan Timing: About 76.17% done; ETC: 18:37 (0:44:28 remaining)
Nmap scan report for 10.1.1.2
Host is up (0.044s latency).
Not shown: 65530 closed ports
PORT STATE SERVICE VERSION
6258/tcp open unknown
8382/tcp open unknown
9999/tcp open abyss?
38859/tcp open unknown
49152/tcp open upnp Portable SDK for UPnP devices 1.6.20
(Linux 3.4.0-perf-g61a2a9a;UPnP 1.0)
2 services unrecognized despite returning data.
If you know the service/version, please submit the following fingerprints
at http://www.insecure.org/cgi-bin/servicefp-submit.cgi :
==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
SF-Port6258-TCP:V=6.47%I=7%D=5/21%Time=5740ECE2%P=armv7l-unknown-linux-gnu
SF:eabi%r(GenericLines,67,"HTTP/1.1\x20200\x20OK\x20\r\nContent-Type:\x20
SF:text/html\r\nAccess-Control-Allow-Origin:*\r\nContent-Length:4\r\n\r\n
SF:<h1></h1>");
==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
SF-Port9999-TCP:V=6.47%I=7%D=5/21%Time=5740ECE2%P=armv7l-unknown-linux-gnu
SF:eabi%r(GetRequest,AF,"HTTP/1.1\x20400\x20Bad\x20Request\r\nServer:\x20
SF:CloudHub\x20HTTP\x20Server\x20v1.0\r\nDate:\x20Sat,\x2021\x20May\x2020
SF:16\x2023:18:56\x20GMT\x2000:00\r\nContent-Length:\x2030\r\nConnection:\
SF:x20Close\r\n\r\n\r\nBad\x20Request\r\n\r\n")%r(HTTPOptions
SF:,AF,"HTTP/1.1\x20400\x20Bad\x20Request\r\nServer:\x20CloudHub\x20HTTP\
SF:x20Server\x20v1.0\r\nDate:\x20Sat,\x2021\x20May\x202016\x2023:18:57\x2
SF:0GMT\x2000:00\r\nContent-Length:\x2030\r\nConnection:\x20Close\r\n\r\n<
SF:HTML>\r\nBad\x20Request\r\n\r\n")%r(FourOhFourRequest,AF,"HTTP/1
SF:.1\x20400\x20Bad\x20Request\r\nServer:\x20CloudHub\x20HTTP\x20Server\x
SF:20v1.0\r\nDate:\x20Sat,\x2021\x20May\x202016\x2023:18:57\x20GMT\x2000:
SF:00\r\nContent-Length:\x2030\r\nConnection:\x20Close\r\n\r\n\r\nBa
SF:d\x20Request\r\n\r\n")%r(RTSPRequest,AF,"HTTP/1.1\x20400\x20Bad
SF:\x20Request\r\nServer:\x20CloudHub\x20HTTP\x20Server\x20v1.0\r\nDate:\
SF:x20Sat,\x2021\x20May\x202016\x2023:18:57\x20GMT\x2000:00\r\nContent-Len
SF:gth:\x2030\r\nConnection:\x20Close\r\n\r\n\r\nBad\x20Request\r\n<
SF:/HTML>\r\n")%r(SIPOptions,AF,"HTTP/1.1\x20400\x20Bad\x20Request\r\nSer
SF:ver:\x20CloudHub\x20HTTP\x20Server\x20v1.0\r\nDate:\x20Sat,\x2021\x20M
SF:ay\x202016\x2023:19:51\x20GMT\x2000:00\r\nContent-Length:\x2030\r\nConn
SF:ection:\x20Close\r\n\r\n\r\nBad\x20Request\r\n\r\n");
MAC Address: 8C:3A:E3:94:B9:A9 (LG Electronics)
Device type: general purpose
Running: Linux 2.6.X|3.X
OS CPE: cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel:3
OS details: Linux 2.6.32 - 3.10
Network Distance: 1 hop
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel:3.4.0-perf-g61a2a9a
TRACEROUTE
HOP RTT ADDRESS
1 43.69 ms 10.1.1.2
Nmap scan report for 10.1.1.6
Host is up (0.11s latency).
All 65535 scanned ports on 10.1.1.6 are closed (46662) or filtered (18873)
MAC Address: 64:BC:0C:7D:8A:E9 (Unknown)
Too many fingerprints match this Host to give specific OS details
Network Distance: 1 hop
TRACEROUTE
HOP RTT ADDRESS
1 108.85 ms 10.1.1.6
Nmap scan report for 10.1.1.7
Host is up (0.0083s latency).
Not shown: 64944 closed ports, 590 filtered ports
PORT STATE SERVICE VERSION
8187/tcp open unknown
1 service unrecognized despite returning data.
If you know the service/version, please submit the following fingerprint
at http://www.insecure.org/cgi-bin/servicefp-submit.cgi :
SF-Port8187-TCP:V=6.47%I=7%D=5/21%Time=5740ECE2%P=armv7l-unknown-linux-gnu
SF:eabi%r(GetRequest,22D,"HTTP/1.0\x20400\x20Bad\x20Request\x20\r\nCONTEN
SF:T-TYPE:\x20text/xml;\x20charset=\"utf-8\"\x20\r\nSERVER:\x20UPnP/1.1\x
SF:20Samsung\x20AllShare\x20Server/1.0\x20\r\nCONTENT-LENGTH:\x20417\x20\
SF:r\n\r\n<\?xml\x20version=\"1.0\"\?>http://sch
SF:emas\.xmlsoap\.org/soap/envelope/\"\x20s:encodingStyle=\"http://schemas
SF:\.xmlsoap\.org/soap/encoding/\">s:ClientUPnPError402Invalid\x20Args")%r(HTTPOptions,22D,"HTTP/1.0\x20400\x20B
SF:ad\x20Request\x20\r\nCONTENT-TYPE:\x20text/xml;\x20charset=\"utf-8\"\x2
SF:0\r\nSERVER:\x20UPnP/1.1\x20Samsung\x20AllShare\x20Server/1.0\x20\r\n
SF:CONTENT-LENGTH:\x20417\x20\r\n\r\n<\?xml\x20version=\"1.0\"\?>http://schemas\.xmlsoap\.org/soap/envelope/\"\x20s:enc
SF:odingStyle=\"http://schemas\.xmlsoap\.org/soap/encoding/\">s:ClientUPnPError402Invalid\x20Args")%r(RTSPRequest
SF:,22D,"HTTP/1.0\x20400\x20Bad\x20Request\x20\r\nCONTENT-TYPE:\x20text/x
SF:ml;\x20charset=\"utf-8\"\x20\r\nSERVER:\x20UPnP/1.1\x20Samsung\x20AllS
SF:hare\x20Server/1.0\x20\r\nCONTENT-LENGTH:\x20417\x20\r\n\r\n<\?xml\x20
SF:version=\"1.0\"\?>http://schemas\.xmlsoap\.or
SF:g/soap/envelope/\"\x20s:encodingStyle=\"http://schemas\.xmlsoap\.org/so
SF:ap/encoding/\">s:ClientUPnPError402Inval
SF:id\x20Args")%r(FourOhFourRequest,22D,"HTTP/1.0\x20400\x20Bad\x20Reque
SF:st\x20\r\nCONTENT-TYPE:\x20text/xml;\x20charset=\"utf-8\"\x20\r\nSERVER
SF::\x20UPnP/1.1\x20Samsung\x20AllShare\x20Server/1.0\x20\r\nCONTENT-LEN
SF:GTH:\x20417\x20\r\n\r\n<\?xml\x20version=\"1.0\"\?>http://schemas\.xmlsoap\.org/soap/envelope/\"\x20s:encodingStyle=
SF:\"http://schemas\.xmlsoap\.org/soap/encoding/\">s:ClientUPnPError402Invalid\x20Args");
MAC Address: 84:2E:27:67:50:0E (Unknown)
No exact OS matches for Host.
If you know what OS is running on it, see http://nmap.org/submit/.
TCP/IP fingerprint:
OS:SCAN(V=6.47%E=4%D=5/21%OT=8187%CT=1%CU=39163%PV=Y%DS=1%DC=D%G=Y%M=842E27
OS:%TM=5740ED91%P=armv7l-unknown-linux-gnueabi)SEQ(SP=109%GCD=1%ISR=108%TI=
OS:Z%CI=I%II=I%TS=7)OPS(O1=M5B4ST11NW8%O2=M5B4ST11NW8%O3=M5B4NNT11NW8%O4=M5
OS:B4ST11NW8%O5=M5B4ST11NW8%O6=M5B4ST11)WIN(W1=FFFF%W2=FFFF%W3=FFFF%W4=FFFF
OS:%W5=FFFF%W6=FFFF)ECN(R=Y%DF=Y%T=40%W=FFFF%O=M5B4NNSNW8%CC=Y%Q=)T1(R=Y%DF
OS:=Y%T=40%S=O%A=S+%F=AS%RD=0%Q=)T2(R=N)T3(R=N)T4(R=Y%DF=Y%T=40%W=0%S=A%A=Z
OS:%F=R%O=%RD=0%Q=)T5(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=Y%DF=
OS:Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T7(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%
OS:RD=0%Q=)U1(R=Y%DF=N%T=40%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)
OS:IE(R=Y%DFI=N%T=40%CD=S)
Network Distance: 1 hop
TRACEROUTE
HOP RTT ADDRESS
1 8.32 ms 10.1.1.7
OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 6 IP addresses (3 hosts up) scanned in 13841.90 seconds
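One concrete "what next" for the `service unrecognized despite returning data` blocks above is to decode the fingerprints nmap printed: the `SF:` lines are the raw bytes each probe (GetRequest, HTTPOptions, RTSPRequest, ...) received, escaped so they can be pasted into a match line. Decoding them shows exactly what the service answered, lets you read the Server header with your own eyes, and checks the hex length nmap recorded against the decoded bytes, which is how you notice that a fingerprint was mangled in transit (the 8187/tcp and 9999/tcp blocks in this report have had their HTML/XML tags stripped, so their lengths no longer add up). The following is an added example, not code from the question or from nmap; the fingerprint text it parses is constructed for the example and only modelled on the report above, and the function names are the example's own.

```python
"""Decode nmap 'service unrecognized' (SF-Port...) fingerprints back into the raw
bytes each probe received, so the responses can be read and checked by hand."""
import re
from typing import Dict, List, Tuple

# Constructed sample in the shape nmap prints these blocks in a report: one
# 'SF-Port' header line, 'SF:' continuation lines, probes as %r(Name,HexLen,"...").
# The response bytes are made up for this example (modelled on the report above,
# not copied from it), so the declared hex lengths (0x84 and 0x45) are exact.
SAMPLE_REPORT = r'''
1 service unrecognized despite returning data.
SF-Port9999-TCP:V=6.47%I=7%D=5/21%Time=5740ECE2%P=armv7l-unknown-linux-gnu
SF:eabi%r(GetRequest,84,"HTTP/1\.1\x20400\x20Bad\x20Request\r\nServer:\x20Cl
SF:oudHub\x20HTTP\x20Server\x20v1\.0\r\nContent-Length:\x2030\r\nConnection:
SF:\x20Close\r\n\r\n<HTML>\r\nBad\x20Request\r\n</HTML>\r\n")%r(HTTPOptions,
SF:45,"HTTP/1\.0\x20400\x20Bad\x20Request\r\nCONTENT-TYPE:\x20text/xml;\x20ch
SF:arset=\"utf-8\"\r\n\r\n");
'''

# nmap writes non-printables as \xHH, CR/LF/TAB as \r \n \t, and backslash-escapes
# regex metacharacters (\. \? \( ...) because the string is meant to be pasted
# into a match line. Any other \c therefore decodes to the literal character c.
_SF_ESCAPE = re.compile(r'\\x([0-9a-fA-F]{2})|\\(.)', re.DOTALL)
_SIMPLE = {'r': b'\r', 'n': b'\n', 't': b'\t', '0': b'\x00', '\\': b'\\', '"': b'"'}
_PROBE = re.compile(r'%r\((\w+),([0-9A-Fa-f]+),"((?:[^"\\]|\\.)*)"\)', re.DOTALL)


def unescape_sf(text: str) -> bytes:
    """Turn one escaped probe response back into raw bytes."""
    out = bytearray()
    pos = 0
    for m in _SF_ESCAPE.finditer(text):
        out += text[pos:m.start()].encode('latin-1')
        if m.group(1) is not None:
            out.append(int(m.group(1), 16))
        else:
            c = m.group(2)
            out += _SIMPLE.get(c, c.encode('latin-1'))
        pos = m.end()
    out += text[pos:].encode('latin-1')
    return bytes(out)


def parse_fingerprints(report: str) -> Dict[int, Dict[str, bytes]]:
    """Collect every SF-Port block in an nmap report and decode its probe responses.
    Returns {port: {probe_name: raw_bytes}}. A mismatch between the hex length nmap
    recorded and the decoded byte count raises ValueError: that is the quickest way
    to see that a copy/paste or an HTML extractor damaged the fingerprint."""
    blocks: List[str] = []
    for line in report.splitlines():
        line = line.strip()
        if line.startswith('SF-Port'):
            blocks.append(line)
        elif line.startswith('SF:') and blocks:
            blocks[-1] += line[3:]          # continuation lines are joined without a newline
    result: Dict[int, Dict[str, bytes]] = {}
    for block in blocks:
        m = re.match(r'SF-Port(\d+)-TCP:', block)
        if not m:
            continue
        port = int(m.group(1))
        responses: Dict[str, bytes] = {}
        for name, hexlen, escaped in _PROBE.findall(block):
            raw = unescape_sf(escaped)
            if len(raw) != int(hexlen, 16):
                raise ValueError(f'port {port} probe {name}: declared '
                                 f'{int(hexlen, 16)} bytes, decoded {len(raw)}')
            responses[name] = raw
        result[port] = responses
    return result


def http_headers(raw: bytes) -> Tuple[str, Dict[str, str]]:
    """Split a decoded response into its status line and a lower-cased header map;
    returns ('', {}) when the bytes are not HTTP-shaped."""
    head, _, _body = raw.partition(b'\r\n\r\n')
    lines = head.decode('latin-1').split('\r\n')
    if not lines or not lines[0].startswith('HTTP/'):
        return '', {}
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        key, sep, value = line.partition(':')
        if sep:
            headers[key.strip().lower()] = value.strip()
    return lines[0], headers


def summarize(report: str) -> Dict[int, Dict[str, str]]:
    """Per unrecognized port: which probes drew a reply, the first HTTP status line
    seen, and what the Server header claims. Usually enough to decide what to send
    next by hand (a real GET with a Host header, an SSDP M-SEARCH, and so on)."""
    summary: Dict[int, Dict[str, str]] = {}
    for port, responses in parse_fingerprints(report).items():
        status, headers = '', {}
        for raw in responses.values():
            status, headers = http_headers(raw)
            if status:
                break
        summary[port] = {'probes': ','.join(sorted(responses)),
                         'status': status,
                         'server': headers.get('server', '(none)')}
    return summary


if __name__ == '__main__':
    for port, info in summarize(SAMPLE_REPORT).items():
        print(f'{port}/tcp  probes={info["probes"]}  status="{info["status"]}"  server="{info["server"]}"')
```

Paste a real report in place of the constructed sample: on this one the 6258/tcp block decodes cleanly (an HTTP 200 with a wildcard `Access-Control-Allow-Origin` and a four-byte body, i.e. some app's local web endpoint), while the 9999/tcp and 8187/tcp blocks fail the length check because the tags inside their bodies were stripped before the report was pasted; re-run nmap with `-sV --version-all` and keep the output as plain text to get fingerprints that verify.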
You can start with two simple steps:
If, after doing those things, you still have unidentified services, follow the general procedure you would use when presented with a service fingerprint submission that contains no identifying information from the user.