Re: Identify OS?

From: Benjamin Krueger (benjamin@seattlefenix.net)
Date: Fri Jan 31 2003 - 16:17:10 EST


* Nick Jacobsen (nick@ethicsdesign.com) [030131 11:52]:
> Hey All again,
> Could any of you give me an idea of what type of machine the following might
> be, based on the ports open? It is sitting at xxx.xxx.xxx.001 on a network,
> so I am thinking it is some sort of gateway, but what OS/hardware? Below are
> the results of telnetting to port 23, and the results of an nmap scan (tried
> the identify OS option, didn't do sh*t)
>
> Nick J.
> Ethics Design
> nick@ethicsdesign.com
>
> <----------------- Telnet results ---------------------------->
> Authorized uses only. All activity may be monitored and reported.

I'd try and get that vague banner changed. Obviously connecting is an
authorized use of the machine. This banner doesn't prohibit unauthorized
users though. =)

> login: cisco
> Password:
> Login incorrect
> <----------------- End Telnet Results ----------------------->
> <----------------- Nmap Scan Results ---------------------->
> 21/tcp open ftp

What does the FTP banner say?

> 22/tcp open ssh

What ssh version does it run? Does it have a banner configured?

> 23/tcp open telnet
> 53/tcp open domain

dig CHAOS version.bind TXT @<server>

> 111/tcp open sunrpc

rpcinfo <server>

> 161/tcp filtered snmp
> 162/tcp filtered snmptrap
> 389/tcp open ldap
> 512/tcp open exec
> 513/tcp open login
> 514/tcp open shell
> 1002/tcp open unknown
> 1169/tcp open unknown
> 1433/tcp filtered ms-sql-s
> 1720/tcp open H.323/Q.931
> 2410/tcp open unknown
> 2785/tcp open unknown
> 2786/tcp open unknown
> 6000/tcp open X11
> 6112/tcp open dtspc
> 7937/tcp open unknown
> 7938/tcp open unknown
> 32774/tcp open sometimes-rpc11
> 32775/tcp open sometimes-rpc13
> 32778/tcp open sometimes-rpc19

Have you tried connecting to some of the rservices, or X11 services?
You may try scanning again using Queso for os identification.

-- 
Benjamin Krueger
----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
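
An added example, not part of the original messages: a short Python parser for the nmap port table quoted above that groups each port by the follow-up check the reply names for it. The grouping table and the function names are this example's own assumptions; the sample rows are an excerpt of the quoted scan.

```python
import re
from collections import defaultdict

# Excerpt of the nmap table quoted in the thread, with the "> " quoting kept.
SCAN = """\
> <----------------- Nmap Scan Results ---------------------->
> 21/tcp open ftp
> 22/tcp open ssh
> 53/tcp open domain
> 111/tcp open sunrpc
> 161/tcp filtered snmp
> 514/tcp open shell
> 1720/tcp open H.323/Q.931
> 6000/tcp open X11
> 6112/tcp open dtspc
> 32774/tcp open sometimes-rpc11
"""

ROW = re.compile(r"^(?:>\s*)?(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)$")
# Assumption of this example: group by nmap service name. The checks are the
# ones the reply gives for each service.
GROUPS = {"ftp": "banner", "ssh": "banner", "telnet": "banner",
          "domain": "dns", "sunrpc": "rpc", "X11": "x11",
          "exec": "rservices", "login": "rservices", "shell": "rservices"}
CHECKS = {"banner": "read the banner / version string",
          "dns": "dig CHAOS version.bind TXT @<server>",
          "rpc": "rpcinfo <server>",
          "rservices": "try connecting", "x11": "try connecting"}

def parse(text):
    """Return (port, proto, state, service) tuples; other lines are skipped."""
    matches = (ROW.match(line.strip()) for line in text.splitlines())
    return [(int(m[1]), m[2], m[3], m[4]) for m in matches if m]

def classify(rows):
    """Group non-open ports by state and open ports by follow-up check."""
    groups = defaultdict(list)
    for port, _proto, state, service in rows:
        if state != "open":
            key = state
        elif service.startswith("sometimes-rpc"):
            key = "rpc"  # name comes from the port number, so confirm it
        else:
            key = GROUPS.get(service, "other")
        groups[key].append(port)
    return dict(groups)

if __name__ == "__main__":
    for key, ports in classify(parse(SCAN)).items():
        print(f"{key:10} {ports}  {CHECKS.get(key, '')}")
```

Ports that land in "other" or "filtered" have no check named in the reply and are left for manual review.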

