• Let's take a look at the little site of a certain well-known store that is, supposedly, under a heavy DDoS right now:

    Interesting ports on XXXXXX.ru (217.147.XXX.XXX):
    Not shown: 1696 closed ports
    PORT STATE SERVICE VERSION
    21/tcp open ftp Serv-U ftpd 6.4
    25/tcp filtered smtp
    80/tcp open http?
    135/tcp open msrpc Microsoft Windows RPC
    139/tcp open netbios-ssn
    445/tcp filtered microsoft-ds
    554/tcp open rtsp Microsoft Windows Media Server 9.1.1.5000
    623/tcp filtered unknown
    664/tcp filtered unknown
    1025/tcp open msrpc Microsoft Windows RPC
    1027/tcp open msrpc Microsoft Windows RPC
    1029/tcp open msrpc Microsoft Windows RPC
    1433/tcp open ms-sql-s Microsoft SQL Server 2000 8.00.2039; SP4
    1755/tcp open wms?
    3389/tcp open microsoft-rdp Microsoft Terminal Service
    8080/tcp open http-proxy Squid webproxy 2.6.STABLE5
    1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at insecure.org :
    Device type: general purpose
    Running (JUST GUESSING) : Microsoft Windows 2003|XP|2000 (95%)
    Aggressive OS guesses: Microsoft Windows Server 2003 SP1 or SP2 (95%), Microsoft Windows Server 2003 SP2 (91%), Microsoft Windows XP SP2 (90%), Microsoft Windows XP SP2 (firewall disabled) (90%), Microsoft Windows 2003 Small Business Server (89%), Microsoft Windows XP Professional SP2 (89%), Microsoft Windows XP Professional SP2 (firewall enabled) (87%), Version 5.1 (build 2600.xpsp.080125-2028:Service Pack 3, v3300) (87%), Microsoft Windows Server 2003 R2 SP1 (87%), Microsoft Windows Server 2003 SP1 (87%)
    No exact OS matches for host (test conditions non-ideal).
    Network Distance: 8 hops
    Service Info: OS: Windows

    OS and Service detection performed. Please report any incorrect results at nmap.org .
    Nmap done: 1 IP address (1 host up) scanned in 78.160 seconds

    This, comrades, is a TOTAL FUCKUP.
