Kitz ADSL Broadband Information
adsl spacer  
Support this site
Home Broadband ISPs Tech Routers Wiki Forum
 
     
   Compare ISP   Rate your ISP
 
Please login or register.

Login with username, password and session length
Advanced search  

News:

Author Topic: A Mystery  (Read 965 times)

burakkucat

  • Global Moderator
  • Senior Kitizen
  • *
  • Posts: 22548
  • Over the Rainbow Bridge
    • The ELRepo Project
A Mystery
« on: December 23, 2016, 06:00:06 PM »

I was recently shown the following and asked for any explanation that I could give --

Code: [Select]
$ telnet 92.222.227.241 808
Trying 92.222.227.241...
Connected to 92.222.227.241.
Escape character is '^]'.
220-HaXXorD BoX by Isac
220->>>>>>>>>>>>>>>>>>>>>>>>>>>
220->> ip-[77.76.198.197]
220->> atm_users-[1]
220->> avg_spd-[0.018 Kb/s]
220->> atm_spd-[ 0.000 Kb/s]
220->> free_space-[29004.52 MB]
220 >>>>>>>>>>>>>>>>>>>>>>>>>>>
help
214- The following commands are recognized (* => unimplemented).
   USER    PORT    RETR    ALLO    DELE    SITE    XMKD    CDUP    FEAT
   PASS    PASV    STOR    REST    CWD     STAT    RMD     XCUP    OPTS
   ACCT    TYPE    APPE    RNFR    XCWD    HELP    XRMD    STOU    AUTH
   REIN    STRU    SMNT    RNTO    LIST    NOOP    PWD     SIZE    PBSZ
   QUIT    MODE    SYST    ABOR    NLST    MKD     XPWD    MDTM    PROT
214 Direct comments or bugs to bugs@bugs.com.
Quit
221 Goodbye!
Connection closed by foreign host.
$

We see a telnet session opened to IPv4 address 92.222.227.241 and using port 808. The "help" output is not something I have seen before. A "whois" of the IPv4 address tells me --

Code: [Select]
% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf

% Note: this output has been filtered.
%       To receive output for a database update, use the "-B" flag.

% Information related to '92.222.227.240 - 92.222.227.255'

% Abuse contact for '92.222.227.240 - 92.222.227.255' is 'abuse@ovh.net'

inetnum:        92.222.227.240 - 92.222.227.255
netname:        OVH_87212208
descr:          OVH Static IP
country:        FR
org:            ORG-DVY1-RIPE
admin-c:        OTC2-RIPE
tech-c:         OTC2-RIPE
status:         ASSIGNED PA
mnt-by:         OVH-MNT
created:        2015-08-01T13:42:06Z
last-modified:  2015-08-01T13:42:06Z
source:         RIPE

organisation:   ORG-DVY1-RIPE
org-name:       De Vermont Yoan
org-type:       OTHER
address:        3 Rue Guilloud
address:        69003 Lyon
address:        FR
abuse-mailbox:  paypal@teamspeak-connection.fr
phone:          +33.643074312
mnt-ref:        OVH-MNT
mnt-by:         OVH-MNT
created:        2015-08-01T13:42:04Z
last-modified:  2015-08-01T13:42:04Z
source:         RIPE # Filtered

role:           OVH Technical Contact
address:        OVH SAS
address:        2 rue Kellermann
address:        59100 Roubaix
address:        France
admin-c:        OK217-RIPE
tech-c:         GM84-RIPE
tech-c:         SL10162-RIPE
nic-hdl:        OTC2-RIPE
abuse-mailbox:  abuse@ovh.net
mnt-by:         OVH-MNT
created:        2004-01-28T17:42:29Z
last-modified:  2014-09-05T10:47:15Z
source:         RIPE # Filtered

% Information related to '92.222.0.0/16AS16276'

route:          92.222.0.0/16
descr:          OVH
origin:         AS16276
mnt-by:         OVH-MNT
created:        2014-02-25T16:37:57Z
last-modified:  2014-02-25T16:37:57Z
source:         RIPE # Filtered

% This query was served by the RIPE Database Query Service version 1.88 (ANGUS)

A "host" of bugs.com tells me --

Code: [Select]
bugs.com has address 69.172.245.148
bugs.com mail is handled by 10 mail.bugs.com

A "whois" of bugs.com tells me --

Code: [Select]
Domain Name: bugs.com
Registry Domain ID: 2023231_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.moniker.com
Registrar URL: http://www.moniker.com
Updated Date: 2015-05-03T00:42:45.0Z
Creation Date: 1995-05-19T04:00:00.0Z
Registrar Registration Expiration Date: 2020-05-20T04:00:00.0Z
Registrar: Moniker Online Services LLC
Registrar IANA ID: 228
Registrar Abuse Contact Email: abuse@moniker.com
Registrar Abuse Contact Phone: +1.9546071294
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registry Registrant ID: Not Available From Registry
Registrant Name: Randy Hulett
Registrant Organization: Hulett Environmental Services
Registrant Street: 7670 Okeechobee Blvd
Registrant City: West Palm Beach
Registrant State/Province: FL
Registrant Postal Code: 33411
Registrant Country: US
Registrant Phone: +1.5616867171
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: rhulett@bugs.com
Registry Admin ID: Not Available From Registry
Admin Name: Randy Hulett
Admin Organization: Hulett Environmental Services
Admin Street: 7670 Okeechobee Blvd
Admin City: West Palm Beach
Admin State/Province: FL
Admin Postal Code: 33411
Admin Country: US
Admin Phone: +1.5616867171
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: rhulett@bugs.com
Registry Tech ID: Not Available From Registry
Tech Name: Derek McKelvey
Tech Organization: Hulett Enviornmental Services
Tech Street: 7670 Okeechobee Blvd
Tech City: West Palm Beach
Tech Postal Code: 33411
Tech State/Province: FL
Tech Country: US
Tech Phone: +1.5612421515
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: dmckelvey@bugs.com
Registry Billing ID: Not Available From Registry
Billing Name: Randy Hulett
Billing Organization:
Billing Street: 7670 Okeechobee Blvd
Billing City: West Palm Beach
Billing State/Province: FL
Billing Postal Code: 33411
Billing Country: US
Billing Phone: +1.5616867171
Billing Phone Ext:
Billing Fax:
Billing Fax Ext:
Billing Email: rhulett@bugs.com
Name Server: ns1.monikerdns.net
Name Server: ns2.monikerdns.net
Name Server: ns3.monikerdns.net
Name Server: ns4.monikerdns.net
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: https://wdprs.internic.net/
>>> Last update of WHOIS database: 2016-12-23T17:54:36.0Z <<<

Whereas a "whois" of the 69.172.245.148 IPv4 address tells me --

Code: [Select]
DAS Group PEER1-DASGROUP-01 (NET-69-172-245-128-1) 69.172.245.128 - 69.172.245.191
Peer 1 Network (USA) Inc. PEER1-BLK-14 (NET-69-172-192-0-1) 69.172.192.0 - 69.172.255.255

I'm puzzled.  ???  Has any kitizen seen anything like the above telnet session output, please?
Logged
:cat:  100% Linux and, previously, Unix. Co-founder of the ELRepo Project.

Please consider making a donation to support the running of this site.

andyfitter

  • Reg Member
  • ***
  • Posts: 136
Re: A Mystery
« Reply #1 on: December 23, 2016, 06:26:39 PM »

Isn't that just the standard FTP server help text? Just a login via telnet to an FTP server on port 808?
Logged

ejs

  • Kitizen
  • ****
  • Posts: 1661
Re: A Mystery
« Reply #2 on: December 23, 2016, 06:28:38 PM »

Yes, those are FTP commands, you've used telnet to connect to an FTP server.
Logged

andyfitter

  • Reg Member
  • ***
  • Posts: 136
Re: A Mystery
« Reply #3 on: December 23, 2016, 06:32:20 PM »

I think a lot of people don't realise that lots of standard protocols such as ftp/nntp/smtp are actually command line based protocols that are usually now wrapped inside higher levels of abstraction via an Application.
Logged

burakkucat

  • Global Moderator
  • Senior Kitizen
  • *
  • Posts: 22548
  • Over the Rainbow Bridge
    • The ELRepo Project
Re: A Mystery
« Reply #4 on: December 23, 2016, 06:48:07 PM »

Ah, so that explains it. Thank you, both.  :)
Logged
:cat:  100% Linux and, previously, Unix. Co-founder of the ELRepo Project.

Please consider making a donation to support the running of this site.

andyfitter

  • Reg Member
  • ***
  • Posts: 136
Re: A Mystery
« Reply #5 on: December 23, 2016, 06:50:17 PM »

I admit I did a bit of a double take as its been a while since I last saw that. When I read 'atm' and 'REIN' my brain switched into thinking it was some kind of comms device.
Logged

burakkucat

  • Global Moderator
  • Senior Kitizen
  • *
  • Posts: 22548
  • Over the Rainbow Bridge
    • The ELRepo Project
Re: A Mystery
« Reply #6 on: December 23, 2016, 07:07:43 PM »

When I read 'atm' and 'REIN' my brain switched into thinking it was some kind of comms device.

That was my immediate reaction and (possibly) why a certain person showed me that output.  :D

So, knowing no fear, b*cat performed the obvious experiment (and obfuscated his IPv4 address in the output so returned) --

Code: [Select]
[Duo2 tmp]$ ftp -n
ftp> open 92.222.227.241 808
Connected to 92.222.227.241 (92.222.227.241).
220-HaXXorD BoX by Isac
220->>>>>>>>>>>>>>>>>>>>>>>>>>>
220->> ip-[WWW.XXX.YYY.ZZZ]
220->> atm_users-[1]
220->> avg_spd-[0.017 Kb/s]
220->> atm_spd-[ 0.000 Kb/s]
220->> free_space-[28915.49 MB]
220 >>>>>>>>>>>>>>>>>>>>>>>>>>>
Remote system type is Welcome.
ftp> help
Commands may be abbreviated.  Commands are:

! debug mdir sendport site
$ dir mget put size
account disconnect mkdir pwd status
append exit mls quit struct
ascii form mode quote system
bell get modtime recv sunique
binary glob mput reget tenex
bye hash newer rstatus tick
case help nmap rhelp trace
cd idle nlist rename type
cdup image ntrans reset user
chmod lcd open restart umask
close ls prompt rmdir verbose
cr macdef passive runique ?
delete mdelete proxy send
ftp> bye
221 Goodbye!
[Duo2 tmp]$
Logged
:cat:  100% Linux and, previously, Unix. Co-founder of the ELRepo Project.

Please consider making a donation to support the running of this site.