iPad security (port scan)

Continuing my security theme, I decided to see what the iPad looks like on a network. Can you ping it, what does nmap say about it, does OS detection work, are there any open ports?

To test this I used both my iPhone (jimiz-phone) and iPad (jimizIP) connected to my wireless network.

The first thing I did was look up the MAC address. There are many ways to do this, but I like to use www.coffer.com/mac_find/. It answers with Apple Inc:
7C-6D-62 (hex) Apple, Inc
1 Infinite Loop
Cupertino CA 95014
UNITED STATES

I then ran 3 different OS detection tools: Nmap, Zenmap, and xprobe2. NOTE: Zenmap is really just a GUI for Nmap, but it does clean up the OS detection. All three tools did a good job of calling out the OS as Mac.

Nmap: iPad (It detected the iPad as OS X 10.5.6)
Interesting ports on JimizIP.jimizhome.com:
PORT STATE SERVICE
62078/tcp open iphone-sync
MAC Address: 7C:6D:62:C7:FA:17
Running: Apple Mac OS X 10.5.X
OS details: Apple Mac OS X 10.5 - 10.5.6 (Leopard) (Darwin 9.0.0b5 - 9.6.0)

Nmap: iPhone (it detected the iPhone OS)
Interesting ports on Jimiz-Phone.jimizhome.com:
PORT STATE SERVICE
62078/tcp open iphone-sync
MAC Address: 00:26:B0:67:18:B3 (Unknown)
Running: Apple iPhone OS 2.X
OS details: Apple iPod touch audio player (iPhone OS 2.2)

Zenmap: (both iPad and iPhone) detected both devices as an iPod Touch iPhone OS 2.2 – Screen Capture

Xprobe2: iPad (OS X 10.4.1)
[+] Primary guess:
[+] Host JimizIP Running OS: "Apple Mac OS X 10.4.1" (Guess probability: 100%)
[+] Other guesses:
[+] Host JimizIP Running OS: "Apple Mac OS X 10.4.0" (Guess probability: 100%)
[+] Host JimizIP Running OS: "Apple Mac OS X 10.3.9" (Guess probability: 100%)

Xprobe2: iPhone (OS X 10.4.1)
[+] Primary guess:
[+] Host Jimiz-Phone Running OS: "Apple Mac OS X 10.4.1" (Guess probability: 100%)
[+] Other guesses:
[+] Host Jimiz-Phone Running OS: "Apple Mac OS X 10.4.0" (Guess probability: 100%)
[+] Host Jimiz-Phone Running OS: "Apple Mac OS X 10.3.9" (Guess probability: 100%)

Each OS detection package did a pretty good job of showing it is an Apple product. Nmap was able to identify the iPhone. I am guessing that as the Nmap OS database gets updated, it will also detect the iPad.

One interesting item that did show up is that the port scan showed that port 62078 was open on both the iPhone and iPad. I did a little looking and it is the iphone-sync port.

Overall it looks like both devices are fairly secure over the Wi-Fi connection. It is always amazing to see what information your devices leak out (MAC address, open ports, OS detection, and user info).
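
As an added example (not code from the original post), here is a short Python parser that pulls those leaked details (host name, open ports, MAC vendor prefix, OS guess) out of Nmap text output in the layout shown above. The sample is constructed from the two reports in this post, and `SAMPLE`, `KNOWN_OUIS` and `parse_report` are illustrative names; the vendor table holds only the one prefix looked up in this post.

```python
import re

# Constructed sample: the two Nmap reports quoted in the post.
SAMPLE = """\
Interesting ports on JimizIP.jimizhome.com:
PORT STATE SERVICE
62078/tcp open iphone-sync
MAC Address: 7C:6D:62:C7:FA:17
Running: Apple Mac OS X 10.5.X
OS details: Apple Mac OS X 10.5 - 10.5.6 (Leopard) (Darwin 9.0.0b5 - 9.6.0)

Interesting ports on Jimiz-Phone.jimizhome.com:
PORT STATE SERVICE
62078/tcp open iphone-sync
MAC Address: 00:26:B0:67:18:B3 (Unknown)
Running: Apple iPhone OS 2.X
OS details: Apple iPod touch audio player (iPhone OS 2.2)
"""

# Only the prefix the post looked up; extend from your own OUI source.
KNOWN_OUIS = {"7C-6D-62": "Apple, Inc"}

HOST_RE = re.compile(r"^Interesting ports on (\S+):$")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")
MAC_RE = re.compile(r"^MAC Address: ((?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})")

def parse_report(text):
    """One dict per host: name, open ports only, MAC, OUI vendor, OS guess."""
    hosts, cur = [], None
    for line in map(str.strip, text.splitlines()):
        if m := HOST_RE.match(line):
            cur = {"host": m.group(1), "open": [], "mac": None,
                   "vendor": None, "os": None}
            hosts.append(cur)
        elif cur is None:
            continue  # banner lines before the first host block
        elif (m := PORT_RE.match(line)) and m.group(3) == "open":
            cur["open"].append((int(m.group(1)), m.group(2), m.group(4)))
        elif m := MAC_RE.match(line):
            cur["mac"] = m.group(1).upper()
            oui = cur["mac"][:8].replace(":", "-")  # first three octets
            cur["vendor"] = KNOWN_OUIS.get(oui, "not in table: " + oui)
        elif line.startswith("OS details:"):
            cur["os"] = line.split(":", 1)[1].strip()
    return hosts

if __name__ == "__main__":
    for h in parse_report(SAMPLE):
        print(h["host"], h["open"], h["mac"], h["vendor"], h["os"], sep=" | ")
```

Ports reported as filtered or closed are skipped, so the result lists only services that actually answered.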

2 thoughts on “iPad security (port scan)”

  1. I have enabled the 3G and the VPN package with Rogers.
    I now have a routable IP. 74.198.20.xxx over 3G!
    (did this for US VPN and Pandora / Netflix to work!)

    I add port 1720 to your list!

    C:\Users\madlogik>nmap 74.198.20.xxx

    Starting Nmap 5.00 ( http://nmap.org ) at 2010-06-12 11:03 Eastern Daylight Time
    Interesting ports on 74.198.20.xxx:
    Not shown: 993 closed ports
    PORT STATE SERVICE
    25/tcp filtered smtp
    135/tcp filtered msrpc
    139/tcp filtered netbios-ssn
    445/tcp filtered microsoft-ds
    1720/tcp open H.323/Q.931
    4444/tcp filtered krb524
    62078/tcp open iphone-sync

    Nmap done: 1 IP address (1 host up) scanned in 26.14 seconds

    I tried to telnet: I get a black screen. I can type a few chars, then back to prompt.
    I tried to ssh with PuTTY: stays on a black screen… can't type.

    Has anyone found something to do with that port?
