Re: Fingerprinting Windows O/S based on ports open?

From: R. DuFresne (dufresne_at_sysinfo.com)
Date: 10/21/03

    Date: Tue, 21 Oct 2003 15:26:25 -0400 (EDT)
    To: lsi <stuart@cyberdelix.net>
    
    

    Problem is though, fingerprinting by open default ports is not always
    going to give the answers/OS you might think. Consider a unix system with
    samba. Or an admin that has a clue and locks out some of the ports or
    closes off un-needed services, or better yet, firewalls the box.

    OS fingerprinting is not as plain and clear cut as it was perhaps a few
    years ago <if it was even then>. Some of the better work in OS
    fingerprinting these days seems to be in the realm of reading packets
    returned by various OS's, like ping/traceroute packets and/or some of the
    settings in tcp packets.

    Thanks,

    Ron DuFresne

    On Tue, 21 Oct 2003, lsi wrote:

    > Open ports on a W2K default install:
    >
    > TCP 135
    > TCP 445
    > TCP 1025
    >
    > (1025 is something to do with the task scheduler)
    >
    > Open ports on a W98SE default install:
    >
    > TCP 139
    >
    > Stuart
    >
    > On 20 Oct 2003 at 14:59, Robert Masse wrote:
    >
    > Subject: Fingerprinting Windows O/S based on ports open?
    > Date sent: Mon, 20 Oct 2003 14:59:13 -0400
    > From: "Robert Masse" <rmasse@gosecure.ca>
    > To: <pen-test@securityfocus.com>
    >
    > > Hi
    > >
    > > Does anyone have a matrix of TCP/UDP ports open per default install of
    > > Windows (OS focused, not application focused like having tcp 80 for
    > > iis)? I cannot use classic O/S fingerprinting with NMAP nor can I use
    > > passive fingerprinting like P0f....
    > >
    > > I need a simple table like:
    > >
    > > Win95 Win98 NT4 W2K
    > > ME XP
    > >
    > > TCP 133455 y n y
    > > n n y
    > > UDP 1234535 y n
    > > TCP 1543637
    > > TCP 4434565
    > >
    > > Etc
    > >
    > > Etc
    > >
    > > Of course the example I used above is bogus but I am too lazy to type in
    > > all the results. I don't have access to 95, 98, ME etc so I cannot
    > > verify myself.
    > >
    > > Any help would be appreciated; I need a list of ports per O/S soon for a
    > > personal project.
    > >
    > > Once I have my information, I will post the results.
    > >
    > > Thanks
    > >
    > > Rob
    > >
    > > ---------------------------------------------------------------------------
    > > FREE Whitepaper: Better Management for Network Security
    > >
    > > Looking for a better way to manage your IP security?
    > > Learn how Solsoft can help you:
    > > - Ensure robust IP security through policy-based management
    > > - Make firewall, VPN, and NAT rules interoperable across heterogeneous
    > > networks
    > > - Quickly respond to network events from a central console
    > >
    > > Download our FREE whitepaper at:
    > > http://www.securityfocus.com/sponsor/Solsoft_pen-test_031015
    > > ----------------------------------------------------------------------------
    >
    >
    >

    -- 
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
            admin & senior security consultant:  sysinfo.com
                            http://sysinfo.com
    "Cutting the space budget really restores my faith in humanity.  It
    eliminates dreams, goals, and ideals and lets us get straight to the
    business of hate, debauchery, and self-annihilation."
                    -- Johnny Hart
    testing, only testing, and damn good at it too!
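
The ambiguity described in this reply, as an added example that is not part of the original post: a small inventory classifier that matches an observed set of open TCP ports against the two default-install profiles quoted in the thread and declines to give a verdict unless exactly one profile matches in full. The function name, the threshold and the sample observations are constructed for illustration.

```python
# Added example (not from the thread's authors). The profiles contain only the
# TCP ports quoted in this thread for default installs.
PROFILES = {
    "W2K": frozenset({135, 445, 1025}),
    "W98SE": frozenset({139}),
}


def classify(open_ports, min_score=1.0):
    """Return (verdict, scores).

    scores maps each profile to the Jaccard similarity between the observed
    open ports and that profile. verdict is a profile name only when exactly
    one profile reaches min_score; otherwise it is None (no safe answer).
    """
    observed = frozenset(open_ports)
    scores = {}
    for name, ports in PROFILES.items():
        union = observed | ports
        scores[name] = len(observed & ports) / len(union) if union else 0.0
    winners = [name for name, score in scores.items() if score >= min_score]
    verdict = winners[0] if len(winners) == 1 else None
    return verdict, scores


# Constructed observations covering the cases raised in the reply.
SAMPLES = {
    "W2K default install": [135, 445, 1025],
    "Unix host running Samba, only TCP 139 reachable": [139],
    "W2K with services closed off, only 445 left": [445],
    "Firewalled box, nothing reachable": [],
}

if __name__ == "__main__":
    for label, ports in SAMPLES.items():
        verdict, scores = classify(ports)
        print(f"{label}: verdict={verdict} scores={scores}")
```

The Samba sample gets a confident "W98SE" verdict even though the host is not Windows at all, and the hardened and firewalled samples get no verdict, which is why an inventory built on port profiles alone needs a second source of evidence.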
    
