Windows Defender Credential Guard does not allow using saved credentials

Yukarıda yazan ”Windows Defender Credential Guard Kaydedilmiş Kimlik Bilgilerini Kullanmaya İzin Vermiyor” hatasını aldığınızda istemci bilgisayarınızda yapmanız gerekenler sırası ile;

çalıştır’a regedit.exe yazıp açılan pencerede,

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard alanına gidin ve 2 adet dword değer oluşturun

1) EnableVirtualizationBasedSecurity isminde değeri 0 olacak

2) RequirePlatformSecurityFeatures isminde değeri 0 olacak

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa alanına gidin ve 1 adet dword değer oluşturun

1) LsaCfgFlags isminde değeri 0 olacak.

Sonrasında istemci bilgisayarınızı yeniden başlatın artık şifrelerinizi kaydedebileceksiniz.

Use dig command to find which version is running on your name servers:

$ dig +short @ns1.example.com version.bind txt chaos
"9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1"

Bind

To hide version in when using Bind, open named.conf configuration file using your favorite editor, go to options section and set a custom version string using version option.

Example:

// /etc/named.conf
options {
  // Hide bind version
  version "unknown";
};

Restart the server (use bind9 instead of named on systems based on Debian):

$ sudo service named restart
Stopping named: .                                          [  OK  ]
Starting named:                                            [  OK  ]

Verify that server is returning new version string:

$ dig +short @ns1.example.com version.bind txt chaos
"unknown"

Knot

Edit knot.conf and set version parameter in system section to off:

system {
  # Used for answer to CH TXT 'version.server' or 'version.bind'
  version off;
}

Restart the server to apply changes:

$ sudo service knot restart
Stopping knot: .                                          [  OK  ]
Starting knot:                                            [  OK  ]

MyDNS

TODO

NSD

Edit nsd.conf configuration file and set hide-version parameter to yes in server section.

server:
  # /etc/nsd/nsd.conf
  # Don't answer VERSION.BIND and VERSION.SERVER CHAOS class queries
  hide-version: yes

Restart NSD server:

$ sudo service nsd restart
Stopping nsd:                                              [  OK  ]
Starting nsd:                                              [  OK  ]

PowerDNS

Edit /etc/pdns/pdns.conf and set version-string to anonymous then restart PowerDNS server.

version-string=anonymous

TinyDNS

TinyDNS doesn’t expose version.

Microsoft DNS

To control how the server responds to version query, use dnscmd command with EnableVersionQuery parameter. Possible values:

• 0x00000000 (DNS_VERSION_QUERY_OFF) No version information will be returned.
• 0x00000001 (DNS_VERSION_QUERY_FULL) The server responds with major operating system version, minor operating system version, and operating system revision.
• 0x00000002 (DNS_VERSION_QUERY_MINIMAL) The server responds with major operating system version and minor operating system version.

Example:

dnscmd /config /EnableVersionQuery 0

On Windows Server 2008 and Windows Server 2008 R2, the default value is 0x00000001. On Windows Server 2012 and Windows Server 2012 R2, the default value is 0x00000000.

YADIFA

Yadifa version can be hidden setting version in main section:

<main>
  version "not disclosed"
</main>

Time: Fri Oct 24 06:25:44 2014 +0100

IP: 91.201.244.50 (UA/Ukraine/-)

Failures: 10 (ftpd)

Interval: 3600 seconds

Blocked: Permanent Block

Steps to disable IP block LFD notifications.

1) Login to WHM.

2) Navigate to “ConfigServer Security & Firewall” under “Plugin” section.

3) Click on “Firewall Configuration” button to edit the CSF configuration File.

4) Search for “LF_PERMBLOCK_ALERT” on the configuration file and click on “Off” button.

5) Click on “Change” button to save the changes.

We need to restart csf and lfd services to enable all changes that we made in the above steps. So click on the “Restart csf+lfd” button to restart both the services.

We can do above settings from the server via terminal.

1) Log in to the server via SSH.

2) Open csf configuration file and search for “LF_PERMBLOCK_ALERT” and set the value to 0.

# vi /etc/csf/csf.conf

LF_PERMBLOCK_ALERT =0

3) Then you need to restart both csf and lfd services to enable the changes.

# service csf restart

# service lfd restart

If you need any further help please do reach our support department.

PHP Warning:  Module 'imagick' already loaded in Unknown on line 0

1. Make sure extension=”imagick.so” is commented-out from these:

/usr/lib/php.ini
/usr/local/lib/php.ini
/opt/cpanel/ea-php56/root/etc/php.ini
/opt/cpanel/ea-php56/root/etc/php.d/02-pecl.ini

2. Make sure extension=”imagick.so” is not commented out in:

/opt/cpanel/ea-php56/root/etc/php.d/imagick.ini

3. Run

/usr/sbin/cagefsctl –force-update

4. Restart Apache

Now my users can send email to my support addresses at all my helpdesk scripts without receiving a “could not deliver, PHP Warning: Module ‘imagick’ already loaded in Unknown on line 0” message back to them, and I’ve re-opened normal operation of my helpdesks.

Thank you guys so much! You guys have no idea how grateful I am right now… the sleep depravation and holiday support overload was already taking a toll, and this was really putting a hurt on me. Wow, maybe I can go get a couple hours of sleep now. THANK YOU!

My IP address is blacklisted by some sender reputation RBL and emails are not delivered.
How can I remove it form the blacklists?

RBLs

Our dedicated IP are only assigned to one account at a time, so we expect those users to take responsibility for all of the mail that is sent through their account. 

Please note: in the event that a sending domain (and not the IP address) is blacklisted, that domain’s controller will be responsible for handling the delisting request.

RBLs are blacklists of IP addresses. One IP address enters into a blacklist for spamming activity.
Here you can find instructions on what to do once the IP address entered into one or more blacklists.

Why did you get into the blacklist in the first place?

First of all, make sure you identified the reason for the blacklisting.
If you didn’t identify and resolve it, you will just make things worse by asking for delisting. The IP will be quickly re-blacklisted and it will be harder to delist it.
So, check why the IP has been blacklisted and fix the source of the problem before going ahead.
Once you resolved all the problems (if it is a new IP address there is no problem to resolve, of course), you can go ahead with the delisting with the following instructions.

First time cleanup

If you just acquired this IP address, make sure that the dns reverse lookup is set before requesting removal from blacklists.
When asked for a reason for requesting delisting, tell that you just acquired the IP address.

Delisting

First of all, let Valli check a bunch of RBLs for you: http://multirbl.valli.org/lookup
For each RBL where the IP is listed, follow the link and read the instructions on how to delist.
Each RBL has it’s own rules, some of them require an email verification in order to delist, some of them require that you explain the reasons of the listing (if it’s a new ip address just tell them that this ip address has just been assigned to you), some of them don’t allow delisting at all (it’s automatic after some time).

In the Valli list of RBLs, some are more important than others.
Some important blacklists are Spamhaus, Barracuda, SORBS, V4BL.
Start requesting the delisting from the important ones and then proceed until you requested delisting from all of the blacklists that allow it. The ones that don’t accept delisting requests will delist automatically after some time (like rbldns.ru).

There are some important blacklists that are not checked by Valli, make sure you remove the IP address also from those:

Outlook (Microsoft): https://support.microsoft.com/en-us/getsupport?oaspworkflow=start_1.0.0.0&wfname=capsub&productkey=edfsmsbl3&locale=en-us&ccsid=636014233369251686
This list doesn’t provide a test to check if the IP is blacklisted, you can easily test by sending an email from the ESVA IP address to a hotmail email address. If the email does go through then the IP address is not blacklisted, if the email isn’t delivered you can read in the SMTP response message the reason. You can find the SMTP response message in the maillog. Copy the text because it is needed in the removal request.

Microsoft Office: https://sender.office.com/Delist
This service offers a reputation check. You will be required to enter the ip address and your email address where a confirmation link will be sent.

Trend Micro: https://ers.trendmicro.com/reputations
Reputation check available.

Sophos: https://www.sophos.com/en-us/threat-center/ip-lookup.aspx
Reputation check available.

Symantec: http://ipremoval.sms.symantec.com/
Reputation check available.

Yahoo: http://help.yahoo.com/l/us/yahoo/mail/postmaster/bulkv2.html
This service is not just for bulk mailers, it is also used for delisting requests. Just like the Outlook service above, it does not offer a reputation lookup service so you should test for blacklisting trying to send an email to a yahoo email address and checking the result as described above for Outlook. In order to request delisting you must have a yahoo account, which you can create for free.

AT&T: http://rbl.att.net/cgi-bin/rbl/block_admin.cgi
It is not possible to check whether an ip address is listed or not. If your ip address is listed your messages will be bounced with an SMTP clause similar to this:
553 5.3.0 alph155 DNSBL:ATTRBL 521< 199.169.39.199 >_is_blocked.For assistance forward this email to abuse_rbl@abuse-att.net>

Barracuda: https://www.barracudacentral.org/rbl/removal-requestDelist request.

Cloudmark: https://csi.cloudmark.com/en/reset/
Delist request.

Comcast: http://postmaster.comcast.net/block-removal-request.html
Delist request.

McAfee: https://www.mcafee.com/enterprise/en-us/threat-center/threat-feedback.html
Delist request.

Mimecast: https://www.mimecast.com/senderfeedback/
Delist request.

ProofPoint: https://ipcheck.proofpoint.com/
Delist request.

SORBS: http://www.sorbs.net/overview.shtml
Delisting and Reputation check available.

SpamCop: https://www.spamcop.net/bl.shtml
Delisting and Reputation check available.

Spam rats: https://www.spamrats.com/removal.php
Delisting service.

Spamhaus: https://www.spamhaus.org/lookup/
Delisting service.

SURBL: http://www.surbl.org/surbl-analysis
Delisting service.

URIBL: https://admin.uribl.com/
Delist service.

Whitelisting

It is a good thing also to enter into white lists:
https://www.dnswl.org/selfservice/

IP Reputation Monitoring

There are some services that allow you to monitor your reputation and check it over time. You can take advantage of this services if you send a few thousand emails on a daily basis to domains like gmail or hotmail. For small amounts of email traffic they don’t provide feedback.

Google: https://postmaster.google.com/
Microsoft: https://postmaster.live.com/snds/JMRP.aspx

If its blacklisted, You need to take further action to remove the IP address from blacklist. They don’t remove your IP immediately and it will take time. So mean while we can change our exim outbound IP address to solve our issue.

1) Add new IP address to server

Check on your server whether if you have additional IP. If so you can leave this step. If no you need to add new IP address (Make sure you should have additional free IP on your server. If no you should ask your Server provider to get additional IP) on your server to proceed further.

# Checking assigned IP address in server #
# ifconfig

# Adding new IP address into server #
# ifconfig eth0:1 xxx.xx.xx.xx netmask 255.255.255.0

2) Add new IP address to mailips file

Just open /etc/mailips file and add your new IP address with below format. So that all the domain Outbound mails take new IP address from your server.

# Adding new IP address to mailips file #
# nano /etc/mailips
*:xxx.xx.xx.xx

3) Add new IP address to exim.conf file

Just open /etc/exim.conf file and find remote_smtp: then remove interface & helo_data line and add new interface like below.

# By default exim.conf file like below #
# nano /etc/exim.conf
remote_smtp:
  driver = smtp
  interface = ${if exists {/etc/mailips}{${lookup{$original_domain}lsearch{/etc/mailips}{$value}{${lookup{$sender_address_domain}lsearch{/etc/mailips}{$value}{${lookup{${perl{get_sender_from_uid}}}lsearch*{/etc/mailips}{$value}{}}}}}}}}
  helo_data = ${if exists {/etc/mailhelo}{${lookup{$original_domain}lsearch{/etc/mailhelo}{$value}{${lookup{$sender_address_domain}lsearch{/etc/mailhelo}{$value}{${lookup{${perl{get_sender_from_uid}}}lsearch*{/etc/mailhelo}{$value}{$primary_hostname}}}}}}}{$primary_hostname}}

# Make Change into exim.conf file #
# nano /etc/exim.conf
remote_smtp:
  driver = smtp
  interface = xxx.xx.xx.xx

4) Adding RDNS

Ask your Provider to create RDNS for your IP and assign the same to /etc/mail_reverse_dns file. Normally it will take 24-48 hours its purely depends upon your DNS provider. Add your RDNS with below format. So that all the domain Outbound mails will delivery properly or else some of the top provider reject your email due to RDNS. RDNS should be your server hostname.

# Adding RDNS entry #
# nano /etc/mail_reverse_dns
xxx.xx.xx.xx: server.2daygeek.com

5) Changing file attribute

Use the below command to change files attribute, so that it wont get reset to default automatically.

# Making copy of exim.conf file #
# chattr +aui /etc/exim.conf

# Rebuilding exim.conf file #
# chattr +aui /etc/mailips

6) Restart exim

Use the below command to restart exim and send test mail then verify the header you can see new IP address.

# Restart exim service #
# service exim restart

Hope you are in SAFE.

Bu yazımda DELL İdrac’inizi bir firewall arkasından internete çıkarmak isterseniz gerekli olan portları paylaşacağım. (Genel olarak uzaktan erişim cihazlarınızı internete çıkarmamanızı tavsiye ederim, ama bazen ihtiyaç olabiliyor.

Umarım faydası olur.

• 22 SSH
• 23 Telnet
• 80 HTTP
• 443 HTTPS
• 161 SNMP
• 3668 Virtual Media server
• 5869 Remote racadm server
• 5900-5901 Console Redirection

Yukarıda bulunan hata mesajına ek olarak sunucu üzerinde bulunan Event Viewer (Olay Günlüğü) içerisinde de aşağıdaki gibi bir hata mesajı ile karşılaşabilirsiniz.

Event ID:1128

Source:TerminalServices-RemoteConnectionManager

Bazı durumlarda sunucuya lisans anahtarı girmek yada lisans sunucusunu göstermek yerine bu süreyi yeniden başlatmak isteyebilirsiniz.

Bu durumda HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\RCM\GracePeriod altında bulunan L$RTMTIMEBOMB_ registry değerini silmelisiniz. Bu registry değerini silmek için ilgili registry kaydı üzerinde admin haklarına sahip olmalısınız. İlgili registry değerini sildikten sonra sunucuyu yeniden başlatmalısınız. Sunucu yeniden başlatıldıktan sonra bu süre yeniden başlayacaktır.

Faydalı Olması Dileğiyle …

“Kuruluşunuzun güvenlik ilkeleri, kimliği doğrulanmamış konuk erişimini engellediğinden bu paylaşılan klasöre erişemezsiniz. Bu ilkeler, bilgisayarınızı ağ üzerindeki güvenli olmayan veya kötü amaçlı cihazlardan korumanıza yardımcı olur. “

hatası alıyorsanız çözüm;

Çalıştır kısmına “gpedit.msc” yazarak ulaşabilirsiniz

“Yerel Grup İlkesi / Bilgisayar yapılandırması / Yönetim şablonları / Ağ / Ağ bağlantıları /

Lanman iş istasyonu / “Güvenli olmayan konuk oturum açma işlemlerini etkinleştir” <Etkin>”

Örnek Resim;

İyi çalışmalar.

Portspoof

Bildiğiniz gibi network scanner uygulamalarının uzaktaki bir sistemde çalışan servisleri tespit etmeleri için kullandıkları bir takım teknikler vardır. Bu tekniklerden en tipik olanı ise TCP’nin üçlü el sıkışma prensibinden hareketle uzak sunucunun tüm portlarına (ya da ilgilenilen portlarına) birer SYN paketi göndermek ve alınacak cevaba göre ilgili servisin mevcudiyeti ya da durumu ile ilgili karara varmaktır. Örnek olarak üzerinde bir web sunucusu çalıştığını bildiğiniz uzaktaki bir sistemin 80. portuna bir SYN paketi gönderirseniz ve uzak sunucudaki bu servis çalışır durumdaysa -ayrıca herhangi bir engelleme yoksa- cevap olarak SYN+ACK paketi alırsınız. Bu şekilde ilgili servisin çalışır vaziyette olduğu uzaktan tespit edilir ve örneğin nmap ilgili port’u OPEN olarak bildirir. Aynı şekilde gönderilen SYN paketine RST paketi dönerse, uzak sunucuda ilgili portu dinleyen bir servis olmadığı anlaşılır ve scanner uygulaması durumu CLOSED olarak değerlendirir. Eğer uzak sunucu bir firewall üzerinden korunuyorsa ve SYN paketini gönderdiğiniz porta erişim izniniz yoksa ilgili paket -genel olarak- drop edilir bu nedenle de geriye herhangi bir paket döndürülmez. Bu durumda da network scanner uygulaması durumu FILTERED olarak bildirir, bu şekilde de uzaktaki sistemin bir firewall’a sahip olduğunu tespit edebilirsiniz.

İşte portspoof bu tip yöntemler kullanarak sunucunuz üzerindeki servisler hakkında bilgi almak isteyen saldırganların işini zorlaştırmak için gönderilen her SYN paketine SYN+ACK döndürerek tüm portların açıkmış gibi görünmesini sağlamaktadır. Bu durum saldırganın hangi portun ucunda gerçekten hangi servisin olduğunu tespit edebilmesini doğrudan zorlaştıracaktır. Ayrıca elinizde tüm portları açık görünen bir sistem varsa, gerçekten hangi portta hangi servisin çalıştığını tespit etmek için ilgili portlar üzerinde versiyon tespiti (probing) yapmanız gerekir. Nmap gibi uygulamaların version tespiti için spesifik servislere ait fingerprint’lerin tutulduğu database’leri olduğundan normal şartlarda bu tespit işlemi fazla uzun sürmeyecektir ancak portspoof gelen her versiyon tespit taraması için bir sahte bir fingerprint döner, bu nedenle saldırgan servis tespiti için gerçekten uzun süreler harcamak zorunda kalacaktır. (Ben denemedim ama portspoof’un sitesinde tüm portlar -65535 adet- version detection için yaklaşık 8 saat gerekeceği yazmakta.)

İşte yukarıda bahsedilen bu durumlardan ötürü sistemlerinizde portspoof kullanmak isteyebilirsiniz. Böyle bir ihtiyaç için CentOS 7 üzerinde kurulum ve yapılandırma aşamaları aşağıdaki gibidir:

Öncelikli olarak gereksinim paketlerini kuruyoruz. (Bunun için ben EPEL reposunu da kuruyorum.)

# rpm -Uvh http://mirror.vit.com.tr/mirror/Epel/7/x86_64/epel-release-7-1.noarch.rpm

# yum install gcc gcc-c++ unzip

Gereksinim paketletinin kurulumundan sonra portspoof uygulamasını indiriyoruz:

# wget https://github.com/drk1wi/portspoof/archive/master.zip

ve kurulum aşamasına geçiyoruz:

# unzip master.zip

# cd portspoof-master

# ./configure –sysconfdir=/etc/

# make && make install

Bu adımın ardında, sisteme gelen tüm istekleri portspoof’a yönlendirmek için gerekli firewalld (iptables) kuralını ekleyeceğiz. Portspoof öntanımlı olarak tcp 4444 portunu dinliyor ve tüm bağlantı isteklerini portspoof üzerinden geçirmek için tüm portlara gelen bağlantı isteklerini 4444’e yani portspoof’a forward etmeniz gerekiyor. Bu noktada yönlendirme işlemini yapmadan önce portspoof’un araya girmesini istemediğiniz spesifik servisleriniz varsa bunlar için yönlendirme yapmamanız gerekiyor. Örnek olarak tcp 22’de ssh ve tcp 80’de web sunucu calistiran bir sistem için bu portlar haricinde kalan tüm diğer portlar için yönlendirme şu şekilde yapılmakta:

# firewall-cmd –permanent –zone=public –add-forward-port=port=1-21:proto=tcp:toport=4444

# firewall-cmd –permanent –zone=public –add-forward-port=port=23-79:proto=tcp:toport=4444

# firewall-cmd –permanent –zone=public –add-forward-port=port=81-65535:proto=tcp:toport=4444

# systemctl restart firewalld

Not: Eğer klasik iptables kullanıyorsanız (CentOS 6.x sürümü vs.) kuralları aşağıdaki şekilde ekleyebilirsiniz:

# iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp -m multiport –dports 1:21,23:79,81:65535 -j REDIRECT –to-ports 4444

# iptables-restore < iptables-config

Yönlendirme işi de tamamlandıktan sonra portspoof’u çalıştırıyoruz. Bu noktada portspoof’un iki farklı modu’u bulunuyor. Tüm potların açık olarak gösterilmesini sağlayan mode’un yanu sıra version tespiti denemelerinde sahte finger print göndermek üzere kullanılan bir diğer modu bulunuyor. Ben saldırgan için işleri iyice çığırından çıkarmak için ikinci modu tercih ediyorum:

# portspoof -c /etc/portspoof.conf -s /etc/portspoof_signatures -D

Bu şekilde sisteminizin örnek olarak ilk 50 portunu tarayıp servis versiyonu tespit etmek isterseniz nmap’i aşağıdaki şekilde kullanabilirsiniz:

# nmap -sV -p 1.50 uzaksistem-ipsi

Sonuç aşağıdakine benzer şekilde eğlenceli olacaktır:

# nmap -sV -p 1-50 192.168.16.162

Starting Nmap 6.40 ( http://nmap.org ) at 2014-08-30 22:33 EEST

Nmap scan report for 192.168.16.162

Host is up (0.00024s latency).

PORT   STATE SERVICE VERSION

1/tcp  open  smtp    Unrecognized SMTP service (12345 0000000000000000000000000000000000000000000000000000000)

2/tcp  open  smtp    Unrecognized SMTP service (12345 0000000000000000000000000000000000000000000000000000000)

3/tcp  open  smtp    Unrecognized SMTP service (12345 0000000000000000000000000000000000000000000000000000000)

4/tcp  open  smtp    Unrecognized SMTP service (12345 0000000000000000000000000000000000000000000000000000000)

5/tcp  open  smtp    Unrecognized SMTP service (12345 0000000000000000000000000000000000000000000000000000000)

6/tcp  open  smtp    Unrecognized SMTP service (12345 0ffffffffffffffffffffffffffffffffffffffffffffffffffff00)

7/tcp  open  smtp    Unrecognized SMTP service (12345 0fffffffffffff777778887777777777cffffffffffffffffffff00)

8/tcp  open  smtp    Unrecognized SMTP service (12345 0fffffffffff8000000000000000008888887cfcfffffffffffff00)

9/tcp  open  smtp    Unrecognized SMTP service (12345 0ffffffffff80000088808000000888800000008887ffffffffff00)

10/tcp open  smtp    Unrecognized SMTP service (12345 0fffffffff70000088800888800088888800008800007ffffffff00)

11/tcp open  smtp    Unrecognized SMTP service (12345 0fffffffff000088808880000000000000088800000008fffffff00)

12/tcp open  smtp    Unrecognized SMTP service (12345 0ffffffff80008808880000000880000008880088800008ffffff00)

13/tcp open  smtp    Unrecognized SMTP service (12345 0ffffffff000000888000000000800000080000008800007fffff00)

14/tcp open  smtp    Unrecognized SMTP service (12345 0fffffff8000000000008888000000000080000000000007fffff00)

15/tcp open  smtp    Unrecognized SMTP service (12345 0ffffff70000000008cffffffc0000000080000000000008fffff00)

16/tcp open  smtp    Unrecognized SMTP service (12345 0ffffff8000000008ffffff007f8000000007cf7c80000007ffff00)

17/tcp open  smtp    Unrecognized SMTP service (12345 0fffff7880000780f7cffff7800f8000008fffffff80808807fff00)

18/tcp open  smtp    Unrecognized SMTP service (12345 0fff78000878000077800887fc8f80007fffc7778800000880cff00)

19/tcp open  smtp    Unrecognized SMTP service (12345 0ff70008fc77f7000000f80008f8000007f0000000000000888ff00)

20/tcp open  smtp    Unrecognized SMTP service (12345 0ff0008f00008ffc787f70000000000008f000000087fff8088cf00)

21/tcp open  smtp    Unrecognized SMTP service (12345 0f7000f800770008777000000000000000f80008f7f70088000cf00)

22/tcp open  ssh     OpenSSH 6.4 (protocol 2.0)

23/tcp open  smtp    Unrecognized SMTP service (12345 0f8008707ff07ff8000008088ff800000000f7000000f800808ff00)

24/tcp open  smtp    Unrecognized SMTP service (12345 0f7000f888f8007ff7800000770877800000cf780000ff00807ff00)

25/tcp open  smtp    Unrecognized SMTP service (12345 0ff0808800cf0000ffff70000f877f70000c70008008ff8088fff00)

26/tcp open  smtp    Unrecognized SMTP service (12345 0ff70800008ff800f007fff70880000087f70000007fcf7007fff00)

27/tcp open  smtp    Unrecognized SMTP service (12345 0fff70000007fffcf700008ffc778000078000087ff87f700ffff00)

28/tcp open  smtp    Unrecognized SMTP service (12345 0ffffc000000f80fff700007787cfffc7787fffff0788f708ffff00)

29/tcp open  smtp    Unrecognized SMTP service (12345 0fffff7000008f00fffff78f800008f887ff880770778f708ffff00)

30/tcp open  smtp    Unrecognized SMTP service (12345 0ffffff8000007f0780cffff700000c000870008f07fff707ffff00)

31/tcp open  smtp    Unrecognized SMTP service (12345 0ffffcf7000000cfc00008fffff777f7777f777fffffff707ffff00)

32/tcp open  smtp    Unrecognized SMTP service (12345 0cccccff0000000ff000008c8cffffffffffffffffffff807ffff00)

33/tcp open  smtp    Unrecognized SMTP service (12345 0fffffff70000000ff8000c700087fffffffffffffffcf808ffff00)

34/tcp open  smtp    Unrecognized SMTP service (12345 0ffffffff800000007f708f000000c0888ff78f78f777c008ffff00)

35/tcp open  smtp    Unrecognized SMTP service (12345 0fffffffff800000008fff7000008f0000f808f0870cf7008ffff00)

36/tcp open  smtp    Unrecognized SMTP service (12345 0ffffffffff7088808008fff80008f0008c00770f78ff0008ffff00)

37/tcp open  smtp    Unrecognized SMTP service (12345 0fffffffffffc8088888008cffffff7887f87ffffff800000ffff00)

38/tcp open  smtp    Unrecognized SMTP service (12345 0fffffffffffff7088888800008777ccf77fc777800000000ffff00)

39/tcp open  smtp    Unrecognized SMTP service (12345 0fffffffffffffff800888880000000000000000000800800cfff00)

40/tcp open  smtp    Unrecognized SMTP service (12345 0fffffffffffffffff70008878800000000000008878008007fff00)

41/tcp open  smtp    Unrecognized SMTP service (12345 0fffffffffffffffffff700008888800000000088000080007fff00)

42/tcp open  smtp    Unrecognized SMTP service (12345 0fffffffffffffffffffffc800000000000000000088800007fff00)

43/tcp open  smtp    Unrecognized SMTP service (12345 0fffffffffffffffffffffff7800000000000008888000008ffff00)

44/tcp open  smtp    Unrecognized SMTP service (12345 0fffffffffffffffffffffffff7878000000000000000000cffff00)

45/tcp open  smtp    Unrecognized SMTP service (12345 0ffffffffffffffffffffffffffffffc880000000000008ffffff00)

46/tcp open  smtp    Unrecognized SMTP service (12345 0ffffffffffffffffffffffffffffffffff7788888887ffffffff00)

47/tcp open  smtp    Unrecognized SMTP service (12345 0ffffffffffffffffffffffffffffffffffffffffffffffffffff00)

48/tcp open  smtp    Unrecognized SMTP service (12345 0000000000000000000000000000000000000000000000000000000)

49/tcp open  smtp    Unrecognized SMTP service (12345 0000000000000000000000000000000000000000000000000000000)

50/tcp open  smtp    Unrecognized SMTP service (12345 0000000000000000000000000000000000000000000000000000000)

Portspoof ile ilgil tüm diğer detayları https://github.com/drk1wi/portspoof adresinden alabilirsiniz.