RE: Identify OS?

From: Pete Herzog (lists@isecom.org)
Date: Tue Feb 04 2003 - 10:11:01 EST


Marty,

Dru, who runs the Open Protocol Resource Project at
http://www.isecom.org/projects/protocolresource.htm, is actually interested
now in taking the resource a step further and putting together a database of
default install protocols for various versions of OSes, and is looking for help.
I think the DB has a lot of potential for pen-testers.

Sincerely,
-pete.

-----Original Message-----
From: Martin Wasson [mailto:martin_wasson@mastercard.com]
Sent: Monday, February 03, 2003 7:45 PM
To: Nick Jacobsen
Cc: pen-test@securityfocus.com
Subject: Re: Identify OS?

Nick,
Here's my two cents. It looks like a commercial version of Unix. My guess
is Solaris. The first thing that struck me was port 6112/dtspc. I'm
pretty sure that is a subprocess of CDE, so I doubt it's a Linux box.
Kevin is right about it not being a Cisco box. There is no way it's Cisco.
Look at port 7937/7938 open. That's Legato Networker 5.5 or later, it only
runs on AIX, Solaris, IRIX, HP-UX, Linux, & Tru64. It also runs on
Windows, but this isn't a Windows box. And it doesn't run on Cisco. It
looks like a honeypot or a dead ringer for a newbie install. When you did
an nslookup, did it return "two-dollar-hooker.i-am-so-owned.com."? I
thought so. As was indicated before, connect to as many ports as you can,
and document the versions of the daemons listening from their blathering
banners. Good luck. I wonder if someone has already compiled a db
containing what versions of popular daemons are included in various
releases of *nix. Hope this helps.

Marty Wasson
Global Information Security
MasterCard International
(636) 722-2372
martin_wasson@mastercard.com
