513/tcp is rlogin. Its just another way to remotely connect to the router similar to telnet. Port 67/udp and 67/tcp is for dhcp. -ryan ----- Original Message ----- From: "Rajkumar S." <listuserat_private> To: <VULN-DEVat_private> Sent: Saturday, April 28, 2001 12:41 PM Subject: Re: Hijack IP Address using cable modem > On Fri, 27 Apr 2001, fejed wrote: > > Following a lead from fejed i ran nmap over my SurfBoard 3100 cable modem. > > Here are the results. > > Starting nmap V. 2.12 by Fyodor (fyodorat_private, www.insecure.org/nmap/) > > Interesting ports on (192.168.100.1): > Port State Protocol Service > 80 open tcp http > 513 open tcp login > > Interesting ports on (192.168.100.1): > Port State Protocol Service > 161 open udp snmp > 514 open udp syslog > > > TCP Sequence Prediction: Class=64K rule > Difficulty=1 (Trivial joke) > Remote operating system guess: IBM LAN RouteSwitch/Xylan OmniSwitch > Version 3.2.5/NeXT > > Nmap run completed -- 1 IP address (1 host up) scanned in 25 seconds > > It has HTTP open. And their is a web server running and it gives fairly > decent info about the modem. What could the 513 have? My guess is that it > is the port of the DHCP server that is running inside the modem. > > The UDP is snmp and syslog. > > Any one with any experience with this OS. Some bugs are bound to occur. > > > raj
This archive was generated by hypermail 2b30 : Mon Apr 30 2001 - 08:12:11 PDT