9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.973 High
EPSS
Percentile
99.8%
Checks if SMTP is running on a non-standard port.
This may indicate that crackers or script kiddies have set up a backdoor on the system to send spam or control the machine.
nmap -sV --script=smtp-strangeport <target>
22/tcp open smtp
|_ smtp-strangeport: Mail server on unusual port: possible malware
description = [[
Checks if SMTP is running on a non-standard port.
This may indicate that crackers or script kiddies have set up a backdoor on the
system to send spam or control the machine.
]]
---
-- @output
-- 22/tcp open smtp
-- |_ smtp-strangeport: Mail server on unusual port: possible malware
author = "Diman Todorov"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
categories = {"malware", "safe"}
portrule = function(host, port)
return port.service == "smtp" and
port.number ~= 25 and port.number ~= 465 and port.number ~= 587
and port.protocol == "tcp"
and port.state == "open"
end
action = function()
return "Mail server on unusual port: possible malware"
end
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.973 High
EPSS
Percentile
99.8%