botnet scan

>Post you're open ports, /g/
>can't figure out when to use "your" vs "you're"
>thread hidden

>>62463459
oh sweet summer child

>>62463440
All stealth, makes sense since I don't actually have anything that low open.

File: 1485267551183.jpg (21KB, 720x428px) Image search: [Google]

21KB, 720x428px

>>62463440
thanks for the ip

>>62463702
have fun nmapping friend :^)

File: file.png (13KB, 587x302px) Image search: [Google]

13KB, 587x302px

>>62463440
>enabling UPnP

File: 1491096218808.gif (177KB, 500x419px) Image search: [Google]

177KB, 500x419px

GRC Port Authority Report created on UTC: 2017-09-16 at 18:52:42

Results from scan of ports: 0-1055

    0 Ports Open
 1052 Ports Closed
    4 Ports Stealth
---------------------
 1056 Ports Tested

NO PORTS were found to be OPEN.

Ports found to be STEALTH were: 21, 22, 23, 80

Other than what is listed above, all ports are CLOSED.

TruStealth: FAILED - NOT all tested ports were STEALTH,
                   - NO unsolicited packets were received,
                   - A PING REPLY (ICMP Echo) WAS RECEIVED.

Wat do?

File: 20170916_145609.png (386KB, 1080x1439px) Image search: [Google]

386KB, 1080x1439px

>>62464065
This, you hecking dumbos

All stealth minus 22, 80, and 443 as expected.

>>62464303
get a non botnet ISP

File: iridium_2017-09-16_20-44-18.png (50KB, 1647x224px) Image search: [Google]

50KB, 1647x224px

>basically fresh windows 10 install
>this
I followed a guide I found here to disable some random telemetry services, uninstall bloatware, and disable forced updates. It basically consisted of editing registry keys. I then installed some random software (like iridium). That's the extent of my OS configuration.

>>62464170
>I am up and only port 646 isn't closed pls no bully

>>62464170
I have a similar port map (almost all ports are closed, but not stealthy). Am I being cucked by my ISP? Can I do something to turn all ports green?

File: _20170916_223632.jpg (173KB, 720x748px) Image search: [Google]

173KB, 720x748px

>>62464065
>>62464373
I have UPnP enabled. All tests passed fully green.

>>62463459
>using "your" and "you're" correctly
what a newfag

File: 2rad4u.png (473B, 316x23px) Image search: [Google]

473B, 316x23px

>>62463941
kek

>>62465275
>>62464490
Stealth isn't better than closed. Both are pretty much equal in security.

File: Sweating_profusely.jpg (33KB, 426x341px) Image search: [Google]

33KB, 426x341px

>>62463440
Why are mine closed and not stealth?!

>>62466265
If all (or the more common) ports are "stealth", then you don't advertise your host as up. This will effectively foil many automated scanners' plans.
Also, advertising a port as closed means that your OS _does_ respond to to attack, and thus it's vulnerable to DDoS and so on.
Obviously this may or may not be relevant for you according to your usage case (server, residential router, remote webcam/surveillance system...)
For this specific usage case (residential IP) it's probably irrelevant. I suspect anyway it's a setting of the domestic "router".

>>62466265
Closed means that the port is available but nothing is listening on it, so the connecting machine got an error back. Stealth means that the port did not even reply.

>>62466322
fix your firewall anon

>>62466379
>and thus it's vulnerable to DDoS and so on.
I'm not sure which you mean, but:

- If you mean that a PC can be DDoSed by receiving more packets than it can reject, doesn't dropping require a similar amount of effort, or only marginally less?
- If you mean that it signals to attackers that your host is up and running, and they are free to DDoS it: well, that'll be the case if you have ANY port open/closed. Which will be the case if you're offering some sort of service: if all your ports are stealth, that means none of them are open, in which case why are you even connected to the internet?

Unless I'm misinformed, in which case please do correct me

>>62466379
>This will effectively foil many automated scanners' plans.
Interesting. How does the website work, then? The scanner loses maybe a second or so per port, nothing major when he just has to scan the range for a single IP.
You aren't worse off, there's just no reason to feel safer.
>>62466386
Where's the security benefit in that?

>>62466479
>doesn't dropping require a similar amount of effort, or only marginally less?
no, dropping is way more efficient than rejecting, for all your server resources. even better, you could drop offending packets in the RAW table once they start hitting too much or once a botnet scan is revealed. dropping in RAW is almost equal to nullrouting.
>that'll be the case if you have ANY port open/closed.
open ports are reasonably configured only to accept this much from a single IP in a single timeframe, and then reasonably reject to friendly advertise to the connecting machine that they have to slow down. replying to all ports to tell that every single one of them is closed doesn't make much sense and is not really efficient for anyone.
>>62466571
>Interesting. How does the website work, then?
The port will be open and rules for that port will be considered.
>The scanner loses maybe a second or so per port, nothing major when he just has to scan the range for a single IP.
No. A scanner will have to wait until timeout and will effectively stall unless it's configured to wait only for little time (most will be configured so). A scanner does not go after targets that do no appear to be alive, so subsequent automated scans from that host will be less likely.
>You aren't worse off, there's just no reason to feel safer.
Server resources, advertising that your host is up and vulnerable to DDoS on $port is something you should consider when deploying services at large.

>>62466214
Bazinga!!

I guess the white dry cleaning vans are out now to "clean up". Hahahaha.

File: 1163836021.jpg (36KB, 629x510px) Image search: [Google]

36KB, 629x510px

>>62463440
I have 2 open ports 22 and 80.
So???

>>62467279
>22 and 80
>not even port knocking to open 22
>not even 443 to serve websites
kek

File: hackers.jpg (333KB, 2000x1309px) Image search: [Google]

333KB, 2000x1309px

>>62463440
>Gibson

>>62466010
Same here. But my UPnP isn't enabled for the outside network, so it's obvious it's not a problem.

File: Screenshot_2017-09-17_07-28-56.png (27KB, 611x549px) Image search: [Google]

27KB, 611x549px

So im safe?

>>62468450
well, if you were infected by some ransomware or some mining botnet the connection would be initiated on your side and the used port could still appear "stealth" to other third parties

File: Selection_024.png (32KB, 612x581px) Image search: [Google]

32KB, 612x581px

Looks good.
If anyone ever figures out how to remotely hack a WiiU in sleep mode I'm fucked though, it's set as a DMZ.

>>62463440
>.dll
Hell no

>>62469002
Freshly installed. I guess im safe.

>>62468450
It only goes up to port 1055 so not necessarily. Try nmapping yourself from a server not on your network.

>>62469153
A URI's a bunch of text, and the guarantees are few and far between. They could name it .exe or .mp3 for all anyone cares, that doesn't mean that your browser send the request for an executable mime type, or some audio content type, or that the server is obligated to respond with that mime type.

>>62463440
>>62469220
Running nmap on yourself from a server not on your network or even going to shodan.io is better than this thing.

>>62463440
>>62469221
>>62469220
wait, was it a trap then or not`?

>>62464303
Just turn off ICMP in your router settings

>>62469250
Probably not no, you're getting scanned multiple times a day all around the world.

File: Screenshot_2017-09-16-19-32-34.png (628KB, 1440x2560px) Image search: [Google]

628KB, 1440x2560px

With powered off PS3 in DMZ

File: umm..png (7KB, 519x88px) Image search: [Google]

7KB, 519x88px

Am I good?

File: Screenshot_2017-09-16-19-29-58.png (612KB, 1440x2560px) Image search: [Google]

612KB, 1440x2560px

>>62469324
Without PS3 in DMZ

File: 1498036227533.jpg (190KB, 1280x1233px) Image search: [Google]

190KB, 1280x1233px

I got the good one. So I guess that's good.

>>62469241
>shodan.io
literal botnet, a constant presence in my ipset lists :^)

GRC Port Authority Report created on UTC: 2017-09-17 at 01:05:21 Results from scan of ports: 0-1055 2 Ports Open 0 Ports Closed 1054 Ports Stealth --------------------- 1056 Ports Tested NO PORTS were found to be CLOSED. Ports found to be OPEN were: 22, 443 Other than what is listed above, all ports are STEALTH. TruStealth: FAILED - NOT all tested ports were STEALTH, - NO unsolicited packets were received, - A PING REPLY (ICMP Echo) WAS RECEIVED

Am I being hacked?

>>62464065
I get this too.

>people doing the upnp test because it's presented with a GIANT BUTTON rather than the proper port test
nu-/g/ everyone

>>62464065
>>62464373
Got this too. I have a feeling this is just a placebo

>>62469834
>>62469781
the real test is "All service ports"...
>>62464065
>UPnP
>>62464373
>you hecking dumbos
you fucking idiots.

File: Capture.png (41KB, 612x581px) Image search: [Google]

41KB, 612x581px

Eh guys, am I good?

>>62470104
I can nazi anything anon

File: eke8f.jpg (4KB, 150x150px) Image search: [Google]

4KB, 150x150px

>>62470124
Phew.

>>62470104
Looks all Reich to me, anon.

>>62470104
Oh shit! I'm laughing too hard!
>TFW you can't share the hilarity with anyone you know, because they wouldn't recognize a port scan if it were properly labeled and even then wouldn't care or recognize the effort
:(

>>62471088
>>62469781

File: failedtest.png (18KB, 692x444px) Image search: [Google]

18KB, 692x444px

is this bad? halp

>>62471371
kek
it's too late

GRC Port Authority Report created on UTC: 2017-09-17 at 03:36:54

Results from scan of ports: 0-1055

0 Ports Open
0 Ports Closed
1056 Ports Stealth
---------------------
1056 Ports Tested

ALL PORTS tested were found to be: STEALTH.

TruStealth: PASSED - ALL tested ports were STEALTH,
- NO unsolicited packets were received,
- NO Ping reply (ICMP Echo) was received.

>>62471407
can someone actually give me feedback

>THE EQUIPMENT AT THE TARGET IP ADDRESS
>DID NOT RESPOND TO OUR UPnP PROBES!

GRC Port Authority Report created on UTC: 2017-09-17 at 03:54:27

Results from scan of ports: 0-1055

0 Ports Open
0 Ports Closed
1056 Ports Stealth
---------------------
1056 Ports Tested

ALL PORTS tested were found to be: STEALTH.

TruStealth: PASSED - ALL tested ports were STEALTH,
- NO unsolicited packets were received,
- NO Ping reply (ICMP Echo) was received.

File: 20170917_000113.png (356KB, 1080x1439px) Image search: [Google]

356KB, 1080x1439px

>>62469865
Shut up you double hecker dummy