Hello, Provided the target machine is generating *some* type of traffic and you have the ability to sniff, passive OS fingerprinting would provide some information about the host. If my memory serves me, Nelson Brito <nelsonat_private> released a PERL script some time ago called signatures.pl that does just this -- I have the script but I misplaced 'fingerprint.db', the scripts counterpart. Lance Spitzner wrote a paper describing techniques to perform passive fingerprinting which can be downloaded at: http://packetstorm.securify.com/papers/IDS/fingerprinting.txt Last but not least Jose Nazario has a similar documnet in pdf format which can be downloaded from: http://packetstorm.securify.com/papers/protocols/passive.pdf Hope this helps, -Blake On Mon, 18 Jun 2001, Rick Who Else? wrote: > > I'm looking for as many ways as possible to identify machines on a network. > Considering ICMP is disabled, and all ports on the end machine are closed. > > > Ideas? the more the merrier. > > This question goes for NT, 2K, and Unix/Unix-like machines. > > Thanks, > Rick > _________________________________________________________________ > Get your FREE download of MSN Explorer at http://explorer.msn.com > >
This archive was generated by hypermail 2b30 : Tue Jun 19 2001 - 14:18:09 PDT