I have a device in my local network just called “Samsung”. I do not own a Samsung device, so I became suspicious. The MAC address also indicates Samsung: 28:E6:A9:C6:3E:3A
I checked the open ports using nmap. The following ports are open:
PORT      STATE SERVICE
8008/tcp  open  http
8009/tcp  open  ajp13
8080/tcp  open  http-proxy
8443/tcp  open  https-alt
10001/tcp open  scp-config
I tried accessing port 8080 via HTTP (I get a 403) and port 8443 through HTTPS (I get a 404, no certificate information).
Is this combination of ports known for something malicious? Are there other tools to get more information? (I am running Linux)
This is a private single home, not a company, so no unknown device should be there at all. I already blocked Internet access via Route (no ports have been open from the outside according to my router).
The device is connected through a WiFi Repeater (with a good WPA2 Password).