I have found this interesting IP address. This is apparently in North Korea. Is this using telnet in 2024? Not very secure, is it?
(jcartwright@2403-4800-25af-b00--2) 192.168.1.5 Downloads $ telnet 175.45.178.161
Trying 175.45.178.161...
Connected to 175.45.178.161.
Escape character is '^]'.
To get IP ARP information with telnet, use this command.
AstSW>show ip arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  172.16.8.130            -   108c.cf7c.3c42  ARPA   FastEthernet0/6
Internet  172.25.1.25             5   0031.4663.08a4  ARPA   GigabitEthernet0/1
Internet  172.25.1.26             -   108c.cf7c.3c46  ARPA   GigabitEthernet0/1
Internet  175.45.178.161          -   108c.cf7c.3c44  ARPA   FastEthernet0/13
Internet  175.45.178.166          1   0090.8f62.4a5d  ARPA   FastEthernet0/13
Internet  175.45.178.167          0   Incomplete      ARPA
Internet  192.168.10.9            -   108c.cf7c.3c43  ARPA   FastEthernet0/11
Internet  192.168.10.10         216   0026.9926.0df4  ARPA   FastEthernet0/11
Internet  192.168.111.10          -   108c.cf7c.3c45  ARPA   FastEthernet0/19
The system clock is set to 1993. How old is this computer? And it is running Microsoft IIS.
AstSW>show clock
*03:39:57.024 UTC Mon Mar 1 1993
But this is an interesting find indeed. The computer is in Pyongyang. Maybe this is a sign of how outdated North Korea really is. Geolocating the IP address does show it is in North Korea.
(jcartwright@2403-4800-25af-b00--2) 192.168.1.5 Downloads $ curl -s ipinfo.io/175.45.178.161 | awk '{print $2}' | sed 's/"//g'
175.45.178.161,
Pyongyang,
Pyongyang,
KP,
39.0339,125.7543,
AS4775
Asia/Pyongyang,
https://ipinfo.io/missingauth
You may also show memory information with telnet.
AstSW>show memory
                Head    Total(b)     Used(b)     Free(b)   Lowest(b)  Largest(b)
Processor    4933224    66092100    25611788    40480312    32551236    16768820
      I/O    6800000     8388608     3860240     4528368     4220168     4217432
Driver te    3600000     1048576          44     1048532     1048532     1048532
There are a few ports open on this machine.
(jcartwright@2403-4800-25af-b00--2) 192.168.1.5 Downloads $ su
Password:
[root@2403-4800-25af-b00--2 Downloads]# nmap -sS 175.45.178.161
Starting Nmap 7.92 ( https://nmap.org ) at 2024-03-25 09:49 AEDT
Nmap scan report for 175.45.178.161
Host is up (0.32s latency).
Not shown: 995 closed tcp ports (reset)
PORT STATE SERVICE
22/tcp open ssh
23/tcp open telnet
80/tcp open http
443/tcp open https
646/tcp filtered ldp
Nmap done: 1 IP address (1 host up) scanned in 25.54 seconds
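Read from the defender's side, the scan result above comes down to one check. This is an added example, not part of the original post: it parses an nmap port table and reports each open cleartext management service along with whether its encrypted replacement is already open. The function names and the telnet/HTTP mapping are assumptions made for the example.

```python
import re

# Assumed mapping for this example: cleartext service -> encrypted replacement.
CLEARTEXT = {"telnet": "ssh", "http": "https"}

# One row of nmap's "PORT STATE SERVICE" table, e.g. "23/tcp open telnet".
PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")

# Port table copied from the scan output on this page.
SAMPLE = """\
PORT STATE SERVICE
22/tcp open ssh
23/tcp open telnet
80/tcp open http
443/tcp open https
646/tcp filtered ldp
"""


def parse_ports(text):
    """Return {service: (port, proto, state)} for each port row.

    Assumes each service name appears once, as in a default nmap scan."""
    ports = {}
    for line in text.splitlines():
        m = PORT_LINE.match(line.strip())
        if m:
            port, proto, state, service = m.groups()
            ports[service] = (int(port), proto, state)
    return ports


def audit(text):
    """List (port, service, action) for every open cleartext service."""
    ports = parse_ports(text)
    findings = []
    for service, (port, _proto, state) in sorted(ports.items(), key=lambda kv: kv[1][0]):
        if state != "open" or service not in CLEARTEXT:
            continue  # filtered/closed ports and encrypted services are not findings
        alt = CLEARTEXT[service]
        alt_open = alt in ports and ports[alt][2] == "open"
        action = (f"disable it, {alt} is already reachable" if alt_open
                  else f"enable {alt} before disabling it")
        findings.append((port, service, action))
    return findings


if __name__ == "__main__":
    for port, service, action in audit(SAMPLE):
        print(f"{port}/tcp {service}: cleartext management service; {action}")
```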
The SSH port being open is very interesting; it makes me wonder how secure the password would be… There used to be a stream showing North Korean TV, but it went down. I really miss it.