public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed
* [bitcoin-dev] That email was almost certainly not the real Satoshi
@ 2015-08-17 18:41 Jonathan Wilkins
  2015-08-17 18:54 ` Warren Togami Jr.
  0 siblings, 1 reply; 2+ messages in thread
From: Jonathan Wilkins @ 2015-08-17 18:41 UTC (permalink / raw)
  To: bitcoin-dev

[-- Attachment #1: Type: text/plain, Size: 3891 bytes --]

I'm sure that most people here were skeptical, but FWIW, the server that
hosts vistomail.com is a mess, it's a Plesk box with more than a couple of
services with dubious security histories. MailEnable smtpd, MSRPC, RDP, see
for yourself:

Most likely someone popped the box and is entertaining themselves.

Nmap scan report for vistomail.com (190.97.163.93)
Host is up (0.10s latency).
Not shown: 65521 filtered ports
PORT      STATE SERVICE       VERSION
21/tcp    open  ftp           Microsoft ftpd
| ssl-cert: Subject: commonName=secureanonymoussurfing.com
| Not valid before: 2015-05-03T00:00:00+00:00
|_Not valid after:  2018-05-02T23:59:59+00:00
|_ssl-date: 2015-08-16T00:08:25+00:00; +1m09s from local time.
25/tcp    open  smtp          MailEnable smptd 8.60--
| smtp-commands: vistomail.com [192.241.217.85], this server offers 4
extensions, AUTH LOGIN, SIZE 20480000, HELP, AUTH=LOGIN,
|_ 211 Help:->Supported Commands:
HELO,EHLO,QUIT,HELP,RCPT,MAIL,DATA,RSET,NOOP
53/tcp    open  domain        Microsoft DNS 6.1.7601
| dns-nsid:
|_  bind.version: Microsoft DNS 6.1.7601 (1DB14556)
80/tcp    open  http          Microsoft IIS httpd 7.5
|_http-favicon: Parallels Control Panel
| http-methods: Potentially risky methods: TRACE
|_See http://nmap.org/nsedoc/scripts/http-methods.html
| http-ntlm-info:
|   Target_Name: DS04
|   NetBIOS_Domain_Name: DS04
|   NetBIOS_Computer_Name: DS04
|   DNS_Domain_Name: DS04
|   DNS_Computer_Name: DS04
|_  Product_Version: 6.1 (Build 7601)
|_http-title: Domain Default page
110/tcp   open  pop3          MailEnable POP3 Server
|_pop3-capabilities: USER TOP UIDL
135/tcp   open  msrpc         Microsoft Windows RPC
143/tcp   open  imap          MailEnable imapd
|_imap-capabilities: completed CAPABILITY AUTH=CRAM-MD5 CHILDREN
UIDPLUSA0001 AUTH=LOGIN IMAP4rev1 OK IDLE IMAP4
443/tcp   open  ssl/http      Microsoft IIS httpd 7.5
|_http-favicon: Parallels Control Panel
| http-methods: Potentially risky methods: TRACE
|_See http://nmap.org/nsedoc/scripts/http-methods.html
|_http-title: Domain Default page
| ssl-cert: Subject: commonName=secureanonymoussurfing.com
| Not valid before: 2015-05-03T00:00:00+00:00
|_Not valid after:  2018-05-02T23:59:59+00:00
|_ssl-date: 2015-08-16T00:08:24+00:00; +1m09s from local time.
587/tcp   open  smtp          MailEnable smptd 8.60--
| smtp-commands: vistomail.com [192.241.217.85], this server offers 4
extensions, AUTH LOGIN, SIZE 20480000, HELP, AUTH=LOGIN,
|_ 211 Help:->Supported Commands:
HELO,EHLO,QUIT,HELP,RCPT,MAIL,DATA,RSET,NOOP
3389/tcp  open  ms-wbt-server Microsoft Terminal Service
8443/tcp  open  https-alt?
| ssl-cert: Subject: commonName=Parallels Panel/organizationName=Parallels,
Inc./stateOrProvinceName=Virginia/countryName=US
| Not valid before: 2015-03-13T19:40:20+00:00
|_Not valid after:  2016-03-12T19:40:20+00:00
|_ssl-date: 2015-08-16T00:08:24+00:00; +1m09s from local time.
8880/tcp  open  http          Microsoft IIS httpd 7.5
|_http-favicon: Parallels Control Panel
|_http-methods: No Allow or Public header in OPTIONS response (status code
500)
|_http-title: Site doesn't have a title (text/html; charset=utf-8).
49154/tcp open  msrpc         Microsoft Windows RPC
49156/tcp open  msrpc         Microsoft Windows RPC
Warning: OSScan results may be unreliable because we could not find at
least 1 open and 1 closed port
Device type: general purpose|phone
Running: Microsoft Windows 2008|7|Phone|Vista
OS CPE: cpe:/o:microsoft:windows_server_2008:r2
cpe:/o:microsoft:windows_7::-:professional cpe:/o:microsoft:windows_8
cpe:/o:microsoft:windows cpe:/o:microsoft:windows_vista::-
cpe:/o:microsoft:windows_vista::sp1
OS details: Windows Server 2008 R2, Microsoft Windows 7 Professional or
Windows 8, Microsoft Windows Phone 7.5 or 8.0, Microsoft Windows Vista SP0
or SP1, Windows Server 2008 SP1, or Windows 7, Microsoft Windows Vista SP2,
Windows 7 SP1, or Windows Server 2008

[-- Attachment #2: Type: text/html, Size: 4677 bytes --]

^ permalink raw reply	[flat|nested] 2+ messages in thread

* Re: [bitcoin-dev] That email was almost certainly not the real Satoshi
  2015-08-17 18:41 [bitcoin-dev] That email was almost certainly not the real Satoshi Jonathan Wilkins
@ 2015-08-17 18:54 ` Warren Togami Jr.
  0 siblings, 0 replies; 2+ messages in thread
From: Warren Togami Jr. @ 2015-08-17 18:54 UTC (permalink / raw)
  To: Jonathan Wilkins; +Cc: bitcoin-dev

[-- Attachment #1: Type: text/plain, Size: 4563 bytes --]

Dude, while it does appear plausible that the box is insecure, is it truly
warranted to jump to any particular conclusion from that alone?

What if all the open ports is just because it is a honey pot?


On Mon, Aug 17, 2015 at 11:41 AM, Jonathan Wilkins via bitcoin-dev <
bitcoin-dev@lists.linuxfoundation.org> wrote:

> I'm sure that most people here were skeptical, but FWIW, the server that
> hosts vistomail.com is a mess, it's a Plesk box with more than a couple
> of services with dubious security histories. MailEnable smtpd, MSRPC, RDP,
> see for yourself:
>
> Most likely someone popped the box and is entertaining themselves.
>
> Nmap scan report for vistomail.com (190.97.163.93)
> Host is up (0.10s latency).
> Not shown: 65521 filtered ports
> PORT      STATE SERVICE       VERSION
> 21/tcp    open  ftp           Microsoft ftpd
> | ssl-cert: Subject: commonName=secureanonymoussurfing.com
> | Not valid before: 2015-05-03T00:00:00+00:00
> |_Not valid after:  2018-05-02T23:59:59+00:00
> |_ssl-date: 2015-08-16T00:08:25+00:00; +1m09s from local time.
> 25/tcp    open  smtp          MailEnable smptd 8.60--
> | smtp-commands: vistomail.com [192.241.217.85], this server offers 4
> extensions, AUTH LOGIN, SIZE 20480000, HELP, AUTH=LOGIN,
> |_ 211 Help:->Supported Commands:
> HELO,EHLO,QUIT,HELP,RCPT,MAIL,DATA,RSET,NOOP
> 53/tcp    open  domain        Microsoft DNS 6.1.7601
> | dns-nsid:
> |_  bind.version: Microsoft DNS 6.1.7601 (1DB14556)
> 80/tcp    open  http          Microsoft IIS httpd 7.5
> |_http-favicon: Parallels Control Panel
> | http-methods: Potentially risky methods: TRACE
> |_See http://nmap.org/nsedoc/scripts/http-methods.html
> | http-ntlm-info:
> |   Target_Name: DS04
> |   NetBIOS_Domain_Name: DS04
> |   NetBIOS_Computer_Name: DS04
> |   DNS_Domain_Name: DS04
> |   DNS_Computer_Name: DS04
> |_  Product_Version: 6.1 (Build 7601)
> |_http-title: Domain Default page
> 110/tcp   open  pop3          MailEnable POP3 Server
> |_pop3-capabilities: USER TOP UIDL
> 135/tcp   open  msrpc         Microsoft Windows RPC
> 143/tcp   open  imap          MailEnable imapd
> |_imap-capabilities: completed CAPABILITY AUTH=CRAM-MD5 CHILDREN
> UIDPLUSA0001 AUTH=LOGIN IMAP4rev1 OK IDLE IMAP4
> 443/tcp   open  ssl/http      Microsoft IIS httpd 7.5
> |_http-favicon: Parallels Control Panel
> | http-methods: Potentially risky methods: TRACE
> |_See http://nmap.org/nsedoc/scripts/http-methods.html
> |_http-title: Domain Default page
> | ssl-cert: Subject: commonName=secureanonymoussurfing.com
> | Not valid before: 2015-05-03T00:00:00+00:00
> |_Not valid after:  2018-05-02T23:59:59+00:00
> |_ssl-date: 2015-08-16T00:08:24+00:00; +1m09s from local time.
> 587/tcp   open  smtp          MailEnable smptd 8.60--
> | smtp-commands: vistomail.com [192.241.217.85], this server offers 4
> extensions, AUTH LOGIN, SIZE 20480000, HELP, AUTH=LOGIN,
> |_ 211 Help:->Supported Commands:
> HELO,EHLO,QUIT,HELP,RCPT,MAIL,DATA,RSET,NOOP
> 3389/tcp  open  ms-wbt-server Microsoft Terminal Service
> 8443/tcp  open  https-alt?
> | ssl-cert: Subject: commonName=Parallels
> Panel/organizationName=Parallels,
> Inc./stateOrProvinceName=Virginia/countryName=US
> | Not valid before: 2015-03-13T19:40:20+00:00
> |_Not valid after:  2016-03-12T19:40:20+00:00
> |_ssl-date: 2015-08-16T00:08:24+00:00; +1m09s from local time.
> 8880/tcp  open  http          Microsoft IIS httpd 7.5
> |_http-favicon: Parallels Control Panel
> |_http-methods: No Allow or Public header in OPTIONS response (status code
> 500)
> |_http-title: Site doesn't have a title (text/html; charset=utf-8).
> 49154/tcp open  msrpc         Microsoft Windows RPC
> 49156/tcp open  msrpc         Microsoft Windows RPC
> Warning: OSScan results may be unreliable because we could not find at
> least 1 open and 1 closed port
> Device type: general purpose|phone
> Running: Microsoft Windows 2008|7|Phone|Vista
> OS CPE: cpe:/o:microsoft:windows_server_2008:r2
> cpe:/o:microsoft:windows_7::-:professional cpe:/o:microsoft:windows_8
> cpe:/o:microsoft:windows cpe:/o:microsoft:windows_vista::-
> cpe:/o:microsoft:windows_vista::sp1
> OS details: Windows Server 2008 R2, Microsoft Windows 7 Professional or
> Windows 8, Microsoft Windows Phone 7.5 or 8.0, Microsoft Windows Vista SP0
> or SP1, Windows Server 2008 SP1, or Windows 7, Microsoft Windows Vista SP2,
> Windows 7 SP1, or Windows Server 2008
>
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev@lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>
>

[-- Attachment #2: Type: text/html, Size: 5845 bytes --]

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2015-08-17 18:54 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2015-08-17 18:41 [bitcoin-dev] That email was almost certainly not the real Satoshi Jonathan Wilkins
2015-08-17 18:54 ` Warren Togami Jr.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox