Slashdot Mirror
Telnet into Dreamcast?
Jeos wrote to us with a fun Saturday afternoon project: "OK so today I was bored, and I did what anyone with a Dreamcast and a portscanner would do, I did a port scan on my Dreamcast. The results are interesting"-click below to read more.Update: 09/12 08:02 by H : Yes, this is a hoax - or sources from inside Sega say it is.
Starting nmap V. 2.12 by Fyodor (fyodor@dhp.com, www.insecure.org/nmap/)
Host (129.***.**.***) appears to be up ... good.
Initiating TCP connect() scan against (129.***.**.***)
Port State Protocol Service
23 open tcp telnet
80 filtered tcp http
113 open tcp auth
179 open tcp bgp
12345 filtered tcp NetBus
12346 filtered tcp NetBus
TCP Sequence Prediction: Class=random positive increments
Difficulty=561888 (Good luck!)
Sequence numbers: 2B26AFA0 2B49A760 2B5316DA 2B647480 2B7655AB 2B852F62
No OS matches for host (see for more info)
Nmap run completed -- 1 IP address (1 host up) scanned in 33 seconds
The OS fingerprinting didn't guess the OS, big surprise, but the interesting thing is all the ports that are open. The ones that interested me the most were 23 and 80, the normal telnet and web server ports. I tried to connect to my Dreamcast with a web browser, no luck there. Then I tired to telnet into it, jackpot! I was able to telnet in, and prompted to give a username/password. Of course I had no idea what the username or password would be, I wonder if it's some sort of backdoor for Sega?
Now i have to see if I can do anything interesting with the other ports.
Starting nmap V. 2.12 by Fyodor (fyodor@dhp.com, www.insecure.org/nmap/)
Host (129.***.**.***) appears to be up ... good.
Initiating TCP connect() scan against (129.***.**.***)
Port State Protocol Service
23 open tcp telnet
80 filtered tcp http
113 open tcp auth
179 open tcp bgp
12345 filtered tcp NetBus
12346 filtered tcp NetBus
TCP Sequence Prediction: Class=random positive increments
Difficulty=561888 (Good luck!)
Sequence numbers: 2B26AFA0 2B49A760 2B5316DA 2B647480 2B7655AB 2B852F62
No OS matches for host (see for more info)
Nmap run completed -- 1 IP address (1 host up) scanned in 33 seconds
The OS fingerprinting didn't guess the OS, big surprise, but the interesting thing is all the ports that are open. The ones that interested me the most were 23 and 80, the normal telnet and web server ports. I tried to connect to my Dreamcast with a web browser, no luck there. Then I tired to telnet into it, jackpot! I was able to telnet in, and prompted to give a username/password. Of course I had no idea what the username or password would be, I wonder if it's some sort of backdoor for Sega?
Now i have to see if I can do anything interesting with the other ports.
If the DC was behind NAT/MASQ the IP would show
up to be the router that does the NAT:ing.
The open ports are consistant with this (telnet, BGP4, http), all are services that are running
on pretty much every cisco router.
I would suspect Sega enabled this feature as a way to debug the Dreamcast - I would also suspect most other console manufacturers do the same, only with proprietary hardware interfaces.
But what really interests me in how well the Dreamcast pulls off this 'convergence' thing that big companies like Microsoft, Sun, and others have been harping about. I mean, last year, these two companies were saying "We're gonna make it easy for everyone to access and use the Internet! Just watch!"
Here we are a year later and out of nowhere comes Sega with this console that not only plays some really great games, but also connects to the Internet and enables you to browse the web. But what's so special about that - I can hook up my computer's G400 to a TV display, too. The really cool thing is the power of the Dreamcast is hidden from the user.
Many of us here complaints that computers are too hard to use - there's no simple way to operate a computer like a television (push a button, and you're there). (We all know we hate these comments, but almost have to admit it.) The good thing about Dreamcast is that any John Q. Gamer (even their parents) can use this thing - they don't have to be computer literate! On the other hand, there's enough power in the device that real computer hackers like us can go to the length of making interfaces to the device (provided there are external ports and such) to harness that power - and the fact of the matter is, we will if given the chance.
- Shaheen
You should never take life too seriously - You'll never get out of it alive.
What ISP are you dialing up through that you saw port 80 open? I've noticed that disturbingly Netcom/Mindspring has started diverting all traffic aimed at port 80 through a proxy server of theirs. I suppose nominally this is to improve caching and make my web browsing faster or something, but you can bet they're tracking everywhere I browse.
A side effect of this is that nmap will *always* show an open port 80, because when nmap sends packets aimed at port 80, they wind up going to Netcom's proxy server and not the intended host. Also means that if nmap is doing its fingerprint testing against that port 80, it will get the fingerprint of the proxy, not of the actual host.
If the machine you're portscanning from is going through a Netcom dialup, you're probably just seeing the port 80 on their proxy, and not on the dreamcast. The fact that 12345 and 12346 are also both showing up is also indicative that a router somewhere between your scanner and the dreamcast is doing some filtering/proxying/monitoring. Unless it's just coincidence, I can't imagine why Sega would open those ports.
I checked the http server log for my site (dricasworld.com - complete coverage of the Dreamcast's online capabilities) and got a hostname of a Dreamcast user. Scanned it for open ports and none of those mentioned in the article were open. The guy either blundered and scanned the wrong IP or is full of it.
DaveO:Hi, I just nmapped my DC and saw several open ports! I could even telnet into it and get a login prompt! What are you trying to pull?
Sega:Ummm, sorry sir, I don't know about any maps or netting.... The extra ports on your computer are for possible expansion in the future, to allow for new featu-
DaveO:What are you talking about?!? This is an invasion of my and every American's privacy! You people make me sick!
Sega:I'm sorry you feel this way. Honestly, there have been additional connectors on SEGAs console systems for years, allowing for future upgradability, such as more controllers, external storage, etc. I don't really see how this affects your privacy. You could always return the system if you can't live with this.
DaveO:This is ridiculous, I can't believe you thing you are going to get away with this you ^##%@#%$@
-click-
cot.