Re: Identify OS?
From: Benjamin Krueger (benjamin@seattlefenix.net)
Date: 01/31/03
- Previous message: Rafael Coninck Teigao: "Re: Identify OS?"
- In reply to: Nick Jacobsen: "Identify OS?"
- Next in thread: Kevin Reynolds: "Re: Identify OS?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 31 Jan 2003 13:17:10 -0800 From: Benjamin Krueger <benjamin@seattlefenix.net> To: Nick Jacobsen <nick@ethicsdesign.com>
* Nick Jacobsen (nick@ethicsdesign.com) [030131 11:52]:
> Hey All again,
> Could any of you give me an idea of what type of machine the following might
> be, based on the ports open? it is sitting at xxx.xxx.xxx.001 on a network,
> so I am thinking it is some sort of gateway, but what OS/hardware? Below is
> the results of telnetting to port 23, and the ruslts of an nmap scan (tried
> the identify OS option, didn't do sh*t)
>
> Nick J.
> Ethics Design
> nick@ethicsdesign.com
>
> <----------------- Telnet results ---------------------------->
> Authorized uses only. All activity may be monitored and reported.
I'd try and get that vague banner changed. Obviously connecting is an
authorized use of the machine. This banner doesn't prohibit unauthorized
users though. =)
> login: cisco
> Password:
> Login incorrect
> <----------------- End Telnet Results ----------------------->
> <----------------- Nmap Scan Results ---------------------->
> 21/tcp open ftp
What does the FTP banner say?
> 22/tcp open ssh
What ssh version does it run? Does it have a banner configured?
> 23/tcp open telnet
> 53/tcp open domain
dig CHAOS version.bind TXT @<server>
> 111/tcp open sunrpc
rpcinfo <server>
> 161/tcp filtered snmp
> 162/tcp filtered snmptrap
> 389/tcp open ldap
> 512/tcp open exec
> 513/tcp open login
> 514/tcp open shell
> 1002/tcp open unknown
> 1169/tcp open unknown
> 1433/tcp filtered ms-sql-s
> 1720/tcp open H.323/Q.931
> 2410/tcp open unknown
> 2785/tcp open unknown
> 2786/tcp open unknown
> 6000/tcp open X11
> 6112/tcp open dtspc
> 7937/tcp open unknown
> 7938/tcp open unknown
> 32774/tcp open sometimes-rpc11
> 32775/tcp open sometimes-rpc13
> 32778/tcp open sometimes-rpc19
Have you tried connecting to some of the rservices, or X11 services?
You may try scanning again using Queso for os identification.
-- Benjamin Krueger ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
- Next message: Kevin Reynolds: "Re: Identify OS?"
- Previous message: Rafael Coninck Teigao: "Re: Identify OS?"
- In reply to: Nick Jacobsen: "Identify OS?"
- Next in thread: Kevin Reynolds: "Re: Identify OS?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
