If it is responding to SNMP, attempt to walk the MIB. That should tell you exactly what it is. If you have access to the segment it is on, you can sniff the wire for the community string to use. You could also try to pull the FTP banners from it. If it is a native windows box, it will pretty clearly tell you so. My bet though, and it is a WAG, is some flavor of unix. Too many *nix type ports opened, not enough MS type ports (yeah, I know, not a very scientific approach). Wes Noonan, MCSE/CCNA/CCDA/NNCSS/Security+ Senior QA Rep. BMC Software, Inc. (713) 918-2412 wnoonanat_private http://www.bmc.com > -----Original Message----- > From: Nick Jacobsen [mailto:nickat_private] > Sent: Friday, January 31, 2003 01:33 > To: pen-testat_private > Subject: Identify OS? > > Hey All again, > Could any of you give me an idea of what type of machine the following > might > be, based on the ports open? it is sitting at xxx.xxx.xxx.001 on a > network, > so I am thinking it is some sort of gateway, but what OS/hardware? Below > is > the results of telnetting to port 23, and the ruslts of an nmap scan > (tried > the identify OS option, didn't do sh*t) > > Nick J. > Ethics Design > nickat_private > > <----------------- Telnet results ----------------------------> > Authorized uses only. All activity may be monitored and reported. > login: cisco > Password: > Login incorrect > <----------------- End Telnet Results -----------------------> > <----------------- Nmap Scan Results ----------------------> > 21/tcp open ftp > 22/tcp open ssh > 23/tcp open telnet > 53/tcp open domain > 111/tcp open sunrpc > 161/tcp filtered snmp > 162/tcp filtered snmptrap > 389/tcp open ldap > 512/tcp open exec > 513/tcp open login > 514/tcp open shell > 1002/tcp open unknown > 1169/tcp open unknown > 1433/tcp filtered ms-sql-s > 1720/tcp open H.323/Q.931 > 2410/tcp open unknown > 2785/tcp open unknown > 2786/tcp open unknown > 6000/tcp open X11 > 6112/tcp open dtspc > 7937/tcp open unknown > 7938/tcp open unknown > 32774/tcp open sometimes-rpc11 > 32775/tcp open sometimes-rpc13 > 32778/tcp open sometimes-rpc19 > Too many fingerprints match this host for me to give an accurate OS guess > TCP/IP fingerprint: > SInfo(V=3.10ALPHA7%P=i686-pc-windows- > windows%D=1/30%Time=3E394B34%O=21%C=1) > T1(Resp=N) > T2(Resp=N) > T3(Resp=N) > T4(Resp=N) > T5(Resp=N) > T6(Resp=N) > T7(Resp=N) > PU(Resp=N) > <--------------------- End Nmap Scan Results ----------> > > > -------------------------------------------------------------------------- > -- > This list is provided by the SecurityFocus Security Intelligence Alert > (SIA) > Service. For more information on SecurityFocus' SIA service which > automatically alerts you to the latest security vulnerabilities please > see: > https://alerts.securityfocus.com/ ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Fri Jan 31 2003 - 13:18:58 PST