From: "Warren Togami Jr."
To: Jonathan Wilkins
Cc: bitcoin-dev@lists.linuxfoundation.org
Date: Mon, 17 Aug 2015 11:54:04 -0700
Subject: Re: [bitcoin-dev] That email was almost certainly not the real Satoshi
List-Id: Bitcoin Development Discussion

Dude, while it does appear plausible that the box is insecure, is it truly warranted to jump to any particular conclusion from that alone?

What if all the open ports are just because it is a honey pot?

On Mon, Aug 17, 2015 at 11:41 AM, Jonathan Wilkins via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org> wrote:
> I'm sure that most people here were skeptical, but FWIW, the server that
> hosts vistomail.com is a mess, it's a Plesk box with more than a couple
> of services with dubious security histories. MailEnable smtpd, MSRPC, RDP,
> see for yourself:
>
> Most likely someone popped the box and is entertaining themselves.
>
> Nmap scan report for vistomail.com (190.97.163.93)
> Host is up (0.10s latency).
> Not shown: 65521 filtered ports
> PORT      STATE SERVICE       VERSION
> 21/tcp    open  ftp           Microsoft ftpd
> | ssl-cert: Subject: commonName=secureanonymoussurfing.com
> | Not valid before: 2015-05-03T00:00:00+00:00
> |_Not valid after:  2018-05-02T23:59:59+00:00
> |_ssl-date: 2015-08-16T00:08:25+00:00; +1m09s from local time.
> 25/tcp    open  smtp          MailEnable smptd 8.60--
> | smtp-commands: vistomail.com [192.241.217.85], this server offers 4 extensions, AUTH LOGIN, SIZE 20480000, HELP, AUTH=LOGIN,
> |_ 211 Help:->Supported Commands: HELO,EHLO,QUIT,HELP,RCPT,MAIL,DATA,RSET,NOOP
> 53/tcp    open  domain        Microsoft DNS 6.1.7601
> | dns-nsid:
> |_  bind.version: Microsoft DNS 6.1.7601 (1DB14556)
> 80/tcp    open  http          Microsoft IIS httpd 7.5
> |_http-favicon: Parallels Control Panel
> | http-methods: Potentially risky methods: TRACE
> |_See http://nmap.org/nsedoc/scripts/http-methods.html
> | http-ntlm-info:
> |   Target_Name: DS04
> |   NetBIOS_Domain_Name: DS04
> |   NetBIOS_Computer_Name: DS04
> |   DNS_Domain_Name: DS04
> |   DNS_Computer_Name: DS04
> |_  Product_Version: 6.1 (Build 7601)
> |_http-title: Domain Default page
> 110/tcp   open  pop3          MailEnable POP3 Server
> |_pop3-capabilities: USER TOP UIDL
> 135/tcp   open  msrpc         Microsoft Windows RPC
> 143/tcp   open  imap          MailEnable imapd
> |_imap-capabilities: completed CAPABILITY AUTH=CRAM-MD5 CHILDREN UIDPLUSA0001 AUTH=LOGIN IMAP4rev1 OK IDLE IMAP4
> 443/tcp   open  ssl/http      Microsoft IIS httpd 7.5
> |_http-favicon: Parallels Control Panel
> | http-methods: Potentially risky methods: TRACE
> |_See http://nmap.org/nsedoc/scripts/http-methods.html
> |_http-title: Domain Default page
> | ssl-cert: Subject: commonName=secureanonymoussurfing.com
> | Not valid before: 2015-05-03T00:00:00+00:00
> |_Not valid after:  2018-05-02T23:59:59+00:00
> |_ssl-date: 2015-08-16T00:08:24+00:00; +1m09s from local time.
> 587/tcp   open  smtp          MailEnable smptd 8.60--
> | smtp-commands: vistomail.com [192.241.217.85], this server offers 4 extensions, AUTH LOGIN, SIZE 20480000, HELP, AUTH=LOGIN,
> |_ 211 Help:->Supported Commands: HELO,EHLO,QUIT,HELP,RCPT,MAIL,DATA,RSET,NOOP
> 3389/tcp  open  ms-wbt-server Microsoft Terminal Service
> 8443/tcp  open  https-alt?
> | ssl-cert: Subject: commonName=Parallels Panel/organizationName=Parallels, Inc./stateOrProvinceName=Virginia/countryName=US
> | Not valid before: 2015-03-13T19:40:20+00:00
> |_Not valid after:  2016-03-12T19:40:20+00:00
> |_ssl-date: 2015-08-16T00:08:24+00:00; +1m09s from local time.
> 8880/tcp  open  http          Microsoft IIS httpd 7.5
> |_http-favicon: Parallels Control Panel
> |_http-methods: No Allow or Public header in OPTIONS response (status code 500)
> |_http-title: Site doesn't have a title (text/html; charset=utf-8).
> 49154/tcp open  msrpc         Microsoft Windows RPC
> 49156/tcp open  msrpc         Microsoft Windows RPC
> Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
> Device type: general purpose|phone
> Running: Microsoft Windows 2008|7|Phone|Vista
> OS CPE: cpe:/o:microsoft:windows_server_2008:r2 cpe:/o:microsoft:windows_7::-:professional cpe:/o:microsoft:windows_8 cpe:/o:microsoft:windows cpe:/o:microsoft:windows_vista::- cpe:/o:microsoft:windows_vista::sp1
> OS details: Windows Server 2008 R2, Microsoft Windows 7 Professional or Windows 8, Microsoft Windows Phone 7.5 or 8.0, Microsoft Windows Vista SP0 or SP1, Windows Server 2008 SP1, or Windows 7, Microsoft Windows Vista SP2, Windows 7 SP1, or Windows Server 2008
>
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev@lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
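The thread's argument rests on reading an Nmap report by eye and deciding which of the open services actually matter. As an added example (not code from either poster), the script below turns that manual review into a repeatable exposure check: it parses Nmap's normal-output format and emits findings that a mail-server operator would want fixed regardless of whether the box is a honeypot or simply neglected: remote-administration services reachable from the internet, HTTP TRACE enabled, a TLS certificate whose common name does not match the scanned host, SMTP offering AUTH LOGIN without advertising STARTTLS, and NTLM responses leaking the internal machine name. The port-to-label table and the thresholds are this example's own assumptions, and the sample scan is a trimmed excerpt of the output quoted above.

```python
import re
from dataclasses import dataclass, field

# Trimmed excerpt of the Nmap output quoted in the thread, used here as sample input.
SAMPLE_SCAN = """\
Nmap scan report for vistomail.com (190.97.163.93)
Host is up (0.10s latency).
Not shown: 65521 filtered ports
PORT      STATE SERVICE       VERSION
21/tcp    open  ftp           Microsoft ftpd
| ssl-cert: Subject: commonName=secureanonymoussurfing.com
| Not valid before: 2015-05-03T00:00:00+00:00
|_Not valid after:  2018-05-02T23:59:59+00:00
25/tcp    open  smtp          MailEnable smptd 8.60--
| smtp-commands: vistomail.com [192.241.217.85], this server offers 4 extensions, AUTH LOGIN, SIZE 20480000, HELP, AUTH=LOGIN,
|_ 211 Help:->Supported Commands: HELO,EHLO,QUIT,HELP,RCPT,MAIL,DATA,RSET,NOOP
80/tcp    open  http          Microsoft IIS httpd 7.5
| http-methods: Potentially risky methods: TRACE
| http-ntlm-info:
|   NetBIOS_Computer_Name: DS04
|_  Product_Version: 6.1 (Build 7601)
135/tcp   open  msrpc         Microsoft Windows RPC
3389/tcp  open  ms-wbt-server Microsoft Terminal Service
8443/tcp  open  https-alt?
| ssl-cert: Subject: commonName=Parallels Panel/organizationName=Parallels, Inc./stateOrProvinceName=Virginia/countryName=US
|_Not valid after:  2016-03-12T19:40:20+00:00
49154/tcp open  msrpc         Microsoft Windows RPC
"""

# Assumed labels for services that should not face the internet on a mail host.
ADMIN_PORTS = {21: "FTP", 135: "MSRPC endpoint mapper", 3389: "RDP", 8443: "Plesk control panel"}
DYNAMIC_RPC_START = 49152  # Windows default ephemeral range for RPC listeners

PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)\s*(.*)$")
HOST_LINE = re.compile(r"^Nmap scan report for (\S+)")
CN_RE = re.compile(r"commonName=([^/]+)")


@dataclass
class Port:
    port: int
    proto: str
    state: str
    service: str
    version: str
    scripts: list = field(default_factory=list)  # NSE script output lines, prefix stripped


def parse_nmap(text: str):
    """Parse Nmap normal output into (hostname, [Port]); script lines attach to the preceding port."""
    host, ports, current = None, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if m := HOST_LINE.match(line):
            host = m.group(1)
        elif m := PORT_LINE.match(line):
            current = Port(int(m.group(1)), m.group(2), m.group(3), m.group(4), m.group(5).strip())
            ports.append(current)
        elif line.startswith("|") and current is not None:
            current.scripts.append(line.lstrip("|_ ").strip())
    return host, ports


def assess(host, ports):
    """Return human-readable findings for open ports; each rule is one line of review logic."""
    findings = []
    for p in ports:
        if p.state != "open":
            continue
        tag = f"{p.port}/{p.proto}"
        joined = " ".join(p.scripts)
        if p.port in ADMIN_PORTS:
            findings.append(f"{tag}: {ADMIN_PORTS[p.port]} exposed to the internet")
        if p.service == "msrpc" and p.port >= DYNAMIC_RPC_START:
            findings.append(f"{tag}: dynamic RPC endpoint reachable (host firewall not filtering)")
        if "Potentially risky methods: TRACE" in joined:
            findings.append(f"{tag}: HTTP TRACE enabled")
        if (m := CN_RE.search(joined)) and host:
            cn = m.group(1).strip()
            if cn != host and not cn.endswith("." + host):
                findings.append(f"{tag}: certificate CN {cn!r} does not match {host!r}")
        if p.service == "smtp" and "AUTH LOGIN" in joined and "STARTTLS" not in joined:
            findings.append(f"{tag}: AUTH LOGIN offered with no STARTTLS advertised (cleartext credentials)")
        if "NetBIOS_Computer_Name:" in joined:
            findings.append(f"{tag}: NTLM challenge leaks internal computer name")
    return findings


def exposure_report(text: str):
    host, ports = parse_nmap(text)
    return host, ports, assess(host, ports)


if __name__ == "__main__":
    host, ports, findings = exposure_report(SAMPLE_SCAN)
    print(f"{host}: {len(ports)} open ports, {len(findings)} findings")
    for f in findings:
        print(" -", f)
```

Run against a full `nmap -sV --script` normal-output file the same way; each rule maps to a concrete remediation (firewall the admin ports, disable TRACE in IIS, issue a certificate for the real hostname, enable STARTTLS before offering AUTH, and filter NTLM negotiation on public vhosts), which is a more useful outcome than guessing whether the box is already owned.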