Author Topic: Malicious IP being blocked? spreading Mozi-elf-worm. (Read 1298 times)

polonus · « **on:** January 25, 2020, 06:18:23 PM »

Re: https://urlhaus.abuse.ch/url/297962/ because of downloading "elf".
See: https://www.shodan.io/host/218.21.170.6
Telnet vulnerability: https://www.hackingarticles.in/penetration-testing-telnet-port-23/
Re: https://www.techrepublic.com/article/protect-your-network-from-this-telnet-vulnerability/
See various abuse attempts: https://viz.greynoise.io/ip/218.21.170.6
detecting solutions: https://www.virustotal.com/gui/url/b8aee68c7ba0b01e1cf6381ff46711732d0176d73b27c936426d15b4058c5646/detection
detected url's: https://www.virustotal.com/gui/ip-address/218.21.170.6/relations

pol

Michael (alan1998) · « **Reply #1 on:** January 26, 2020, 12:48:33 AM »

Port 8088

Hikvision DVR
HTTP: Support Methods: OPTIONS TRACE GET HEAD POST PUT DELETE

We can see though through a simple test that PUT is not a permitted option.

Quote

HTTP/1.1 405 Method Not Allowed
Date: Sun, 26 Jan 2020 07:34:57 GMT
Server: App-webs
Content-Length: 228
Content-Type: text/html
Connection: close

<!DOCTYPE html>
<html><head><title>Document Error: Method Not Allowed</title></head></title>
<body><h2>Access Error: 405 -- Method Not Allowed</h2>
<p>Method PUT not supported by file handler at this location
</p></body></html>

SSH, Telnet and FTP all appear to be invulnerable from exploits and banner grabbing. MSFConsole (Metaplsoit's) modules failed, as did manual attempts to connect.

Edit: DELETE fails as well.

Author Topic: Malicious IP being blocked? spreading Mozi-elf-worm. (Read 1298 times)

polonus

Malicious IP being blocked? spreading Mozi-elf-worm.

Michael (alan1998)

Re: Malicious IP being blocked? spreading Mozi-elf-worm.