It is definately not a cisco box. Cisco can only give you two prompts, "password:" by default or "Username:" when using AAA. Too many ports are open to be a networking device anyway. Looking at the ports that are open, some flavor of *nix is a good bet. Could be a *nix acting as a router. Kevin ----- Original Message ----- From: "Nick Jacobsen" <nickat_private> To: <pen-testat_private> Sent: Friday, January 31, 2003 2:33 AM Subject: Identify OS? > Hey All again, > Could any of you give me an idea of what type of machine the following might > be, based on the ports open? it is sitting at xxx.xxx.xxx.001 on a network, > so I am thinking it is some sort of gateway, but what OS/hardware? Below is > the results of telnetting to port 23, and the ruslts of an nmap scan (tried > the identify OS option, didn't do sh*t) > > Nick J. > Ethics Design > nickat_private > > <----------------- Telnet results ----------------------------> > Authorized uses only. All activity may be monitored and reported. > login: cisco > Password: > Login incorrect > <----------------- End Telnet Results -----------------------> > <----------------- Nmap Scan Results ----------------------> > 21/tcp open ftp > 22/tcp open ssh > 23/tcp open telnet > 53/tcp open domain > 111/tcp open sunrpc > 161/tcp filtered snmp > 162/tcp filtered snmptrap > 389/tcp open ldap > 512/tcp open exec > 513/tcp open login > 514/tcp open shell > 1002/tcp open unknown > 1169/tcp open unknown > 1433/tcp filtered ms-sql-s > 1720/tcp open H.323/Q.931 > 2410/tcp open unknown > 2785/tcp open unknown > 2786/tcp open unknown > 6000/tcp open X11 > 6112/tcp open dtspc > 7937/tcp open unknown > 7938/tcp open unknown > 32774/tcp open sometimes-rpc11 > 32775/tcp open sometimes-rpc13 > 32778/tcp open sometimes-rpc19 > Too many fingerprints match this host for me to give an accurate OS guess > TCP/IP fingerprint: > SInfo(V=3.10ALPHA7%P=i686-pc-windows-windows%D=1/30%Time=3E394B34%O=21%C=1) > T1(Resp=N) > T2(Resp=N) > T3(Resp=N) > T4(Resp=N) > T5(Resp=N) > T6(Resp=N) > T7(Resp=N) > PU(Resp=N) > <--------------------- End Nmap Scan Results ----------> > > > -------------------------------------------------------------------------- -- > This list is provided by the SecurityFocus Security Intelligence Alert (SIA) > Service. For more information on SecurityFocus' SIA service which > automatically alerts you to the latest security vulnerabilities please see: > https://alerts.securityfocus.com/ > > ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Fri Jan 31 2003 - 14:37:41 PST