HIGH: Accessible Radmin Report

DESCRIPTION LAST UPDATED: 2023-12-27

DEFAULT SEVERITY LEVEL: HIGH

This report identifies hosts that have a Radmin service running on port 4899/TCP and accessible from the Internet. As with all remote access tools, care should be taken to make sure the service is configured in a secure manner and the security implications of making it accessible from anywhere on the Internet taken into account.

You can track the latest Radmin scan results on our Dashboard.

We first announced the scan in a blog post titled Accessible Radmin Report – Exposed Radmin Services on the Internet.

Severity levels are described here.

For more information on our scanning efforts, check out our Internet scanning summary page.

Fields

  • timestamp
    Time that the IP was probed in UTC+0
  • severity
    Severity level
  • ip
    The IP address of the device in question
  • protocol
    Protocol that the response came on (always TCP)
  • port
    Port that the response came from (4899/TCP)
  • hostname
    Reverse DNS name of the device in question
  • tag
    Always set to radmin
  • version
    Radmin version detected
  • asn
    ASN of where the device in question resides
  • geo
    Country where the device in question resides
  • region
    State / Province / Administrative region where the device in question resides
  • city
    City in which the device in question resides
  • naics
    North American Industry Classification System Code
  • hostname_source
    Hostname source
  • sector
    Sector the IP belongs to

Sample

"timestamp","severity","ip","protocol","port","hostname","tag","version","asn","geo","region","city","naics","hostname_source","sector"
"2010-02-10 00:00:00",high,192.168.0.1,tcp,4899,node01.example.com,radmin,"Radmin v3.X Windows Authentication",64512,ZZ,Region,City,0,,"Communications, Service Provider, and Hosting Service"
"2010-02-10 00:00:01",high,192.168.0.2,tcp,4899,node02.example.com,radmin,"Radmin v3.3 Windows",64512,ZZ,Region,City,0,ptr,"Communications, Service Provider, and Hosting Service"
"2010-02-10 00:00:02",high,192.168.0.3,tcp,4899,node03.example.com,radmin,"Radmin v3.X Radmin Authentication",64512,ZZ,Region,City,0,ptr,

Our 132 Report Types