Last time I opened a port using netcat for receiving HTTP posts from a external. It’s possible, using a pipe, to redirect to forward all the received messages to a text file. Reached the time to choose a number for the port, I chose 5555. It never come to my knowledge what was going to happen. After a few time, eager to see if everything was working fine. But what I found there after looking at the log file was bizarre, to say the least. Besides normal HTTP posts, I started to see unexpected stuff at that port. Googled for the content of the strange messages and I found that 5555 was being used to exploit the vulnerability of ADB protocol use by Android Devices for development purposes, that used this port without any kind of authentication. The messages were being sent by already infected devices like Smart TVs and other stuff. But the open was opened in a Linux box, so there weren’t any kind of danger. Any way, next time, don’t open ports with numbers easy to guess like 5555, 12345, 54321 and the like….
Don’t open random ports at your will
by
Tags: