Nick,

Here's my two cents. It looks like a commercial version of Unix. My guess is Solaris. The first thing that struck me was port 6112/dtspc. I'm pretty sure that is a subprocess of CDE, so I doubt it's a Linux box. Kevin is right about it not being a cisco box. There is no way it's cisco. Look at port 7937/7938 open. That's Legato Networker 5.5 or later; it only runs on AIX, Solaris, IRIX, HP-UX, Linux, & Tru64. It also runs on windows, but this isn't a windows box. And it doesn't run on cisco.

It looks like a honeypot or a dead ringer for a newbie install. When you did an nslookup, did it return "two-dollar-hooker.i-am-so-owned.com." ? I thought so.

As was indicated before, connect to as many ports as you can, and document the versions of the daemons listening from their blathering banners. Good luck. I wonder if someone has already compiled a db containing what versions of popular daemons are included in various releases of *nix.

Hope this helps.

Marty Wasson
Global Information Security
MasterCard International
(636) 722-2372
martin_wassonat_private


"Nick Jacobsen" <nick@ethicsdesign.com>
01/31/03 01:33 AM
Please respond to "Nick Jacobsen"

To:      <pen-testat_private>
cc:      (bcc: Martin Wasson/STL/MASTERCARD)
Subject: Identify OS?

Hey All again,

Could any of you give me an idea of what type of machine the following might be, based on the ports open? It is sitting at xxx.xxx.xxx.001 on a network, so I am thinking it is some sort of gateway, but what OS/hardware? Below are the results of telnetting to port 23, and the results of an nmap scan (tried the identify OS option, didn't do sh*t).

Nick J.
Ethics Design
nickat_private

<----------------- Telnet results ---------------------------->
Authorized uses only. All activity may be monitored and reported.

login: cisco
Password:
Login incorrect
<----------------- End Telnet Results ----------------------->

<----------------- Nmap Scan Results ---------------------->
21/tcp     open      ftp
22/tcp     open      ssh
23/tcp     open      telnet
53/tcp     open      domain
111/tcp    open      sunrpc
161/tcp    filtered  snmp
162/tcp    filtered  snmptrap
389/tcp    open      ldap
512/tcp    open      exec
513/tcp    open      login
514/tcp    open      shell
1002/tcp   open      unknown
1169/tcp   open      unknown
1433/tcp   filtered  ms-sql-s
1720/tcp   open      H.323/Q.931
2410/tcp   open      unknown
2785/tcp   open      unknown
2786/tcp   open      unknown
6000/tcp   open      X11
6112/tcp   open      dtspc
7937/tcp   open      unknown
7938/tcp   open      unknown
32774/tcp  open      sometimes-rpc11
32775/tcp  open      sometimes-rpc13
32778/tcp  open      sometimes-rpc19
Too many fingerprints match this host for me to give an accurate OS guess
TCP/IP fingerprint:
SInfo(V=3.10ALPHA7%P=i686-pc-windows-windows%D=1/30%Time=3E394B34%O=21%C=1)
T1(Resp=N)
T2(Resp=N)
T3(Resp=N)
T4(Resp=N)
T5(Resp=N)
T6(Resp=N)
T7(Resp=N)
PU(Resp=N)
<--------------------- End Nmap Scan Results ---------->

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
----------------------------------------------------------------------------
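As an added example (not part of either message above), the Python script below applies the reasoning Marty spells out to the nmap table Nick posted: it parses the port lines, tallies which platforms each port-to-product association points at, notes that every OS-detection probe came back Resp=N (which is why nmap had nothing to say), and flags the cleartext/legacy services that an inventory or hardening pass would want to see. The dtspc/CDE and Legato Networker associations and the Networker platform list come from the thread; the CDE platform set, the generic Unix markers, the 327xx-port-to-Solaris hint and the cleartext-service list are this example's own assumptions. It is a heuristic for reviewing scans of your own hosts, not an OS detector.

```python
"""Heuristic platform hints from an nmap port table (added example, not from the thread)."""
import re
from collections import Counter

# Constructed sample: the port table and probe results posted in the thread.
SAMPLE_SCAN = """\
21/tcp open ftp
22/tcp open ssh
23/tcp open telnet
53/tcp open domain
111/tcp open sunrpc
161/tcp filtered snmp
162/tcp filtered snmptrap
389/tcp open ldap
512/tcp open exec
513/tcp open login
514/tcp open shell
1002/tcp open unknown
1169/tcp open unknown
1433/tcp filtered ms-sql-s
1720/tcp open H.323/Q.931
2410/tcp open unknown
2785/tcp open unknown
2786/tcp open unknown
6000/tcp open X11
6112/tcp open dtspc
7937/tcp open unknown
7938/tcp open unknown
32774/tcp open sometimes-rpc11
32775/tcp open sometimes-rpc13
32778/tcp open sometimes-rpc19
T1(Resp=N) T2(Resp=N) T3(Resp=N) T4(Resp=N) T5(Resp=N) T6(Resp=N) T7(Resp=N) PU(Resp=N)
"""

PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(open|filtered|closed)\s+(\S+)$")
PROBE = re.compile(r"\b(T[1-7]|PU)\(Resp=([YN])")


def parse_nmap_ports(text):
    """Return {port: (state, service)} for every port line; other lines are skipped."""
    ports = {}
    for line in text.splitlines():
        m = PORT_LINE.match(line.strip())
        if m:
            ports[int(m.group(1))] = (m.group(3), m.group(4))
    return ports


def open_ports(ports):
    return {p for p, (state, _) in ports.items() if state == "open"}


UNIX = frozenset({"Solaris", "AIX", "HP-UX", "IRIX", "Tru64", "Linux"})
# (ports that must all be open, what they suggest, platforms the product is known to run on).
# dtspc->CDE and 7937/7938->Networker are the associations made on the list; the CDE
# platform set, the 327xx->Solaris hint and the generic Unix markers are assumptions here.
HINTS = [
    ({6112}, "dtspc: CDE subprocess control daemon", frozenset({"Solaris", "AIX", "HP-UX", "Tru64"})),
    ({7937, 7938}, "Legato Networker", UNIX | {"Windows"}),
    ({32774, 32775, 32778}, "Sun RPC services on 327xx ports", frozenset({"Solaris"})),
    ({111}, "sunrpc portmapper", UNIX),
    ({512, 513, 514}, "BSD r-services (exec/login/shell)", UNIX),
    ({6000}, "X11 display server", UNIX),
]


def platform_votes(ports):
    """Tally, per platform, how many hints whose ports are all open point at it."""
    opened = open_ports(ports)
    votes = Counter()
    matched = []
    for needed, what, platforms in HINTS:
        if needed <= opened:
            matched.append(what)
            votes.update(platforms)
    return votes, matched


def unanswered_probes(text):
    """Return (probes with Resp=N, probes seen); all-unanswered means the fingerprint is empty."""
    found = PROBE.findall(text)
    return sum(1 for _, resp in found if resp == "N"), len(found)


# Services that move credentials or sessions in the clear, or put a desktop on the
# network; on a gateway-addressed host these are the first things a defender asks about.
LEGACY_CLEARTEXT = {21: "ftp", 23: "telnet", 512: "rexec", 513: "rlogin", 514: "rsh", 6000: "X11"}


def cleartext_exposures(ports):
    return sorted(p for p in open_ports(ports) if p in LEGACY_CLEARTEXT)


if __name__ == "__main__":
    table = parse_nmap_ports(SAMPLE_SCAN)
    votes, matched = platform_votes(table)
    for what in matched:
        print("hint:", what)
    for platform, n in votes.most_common():
        print(f"{platform:8} {n}")
    no_reply, total = unanswered_probes(SAMPLE_SCAN)
    print(f"{no_reply}/{total} OS probes unanswered: the fingerprint carries no information")
    print("cleartext/legacy services open:", [LEGACY_CLEARTEXT[p] for p in cleartext_exposures(table)])
```

On the posted table every hint includes Solaris, so it comes out on top with six votes, AIX, HP-UX and Tru64 with five, and Windows with only the Networker vote; the eight unanswered probes explain the "too many fingerprints match" line, since nmap had no TCP/IP-stack replies to compare against its database.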
This archive was generated by hypermail 2b30 : Mon Feb 03 2003 - 11:24:26 PST