Marty,

Dru, who runs the Open Protocol Resource Project at http://www.isecom.org/projects/protocolresource.htm, is actually interested now in taking the resource a step further and putting together a database of default install protocols for various versions of OSes, and is looking for help. I think the DB has a lot of potential for pen-testers.

Sincerely,
-pete.

-----Original Message-----
From: Martin Wasson [mailto:martin_wassonat_private]
Sent: Monday, February 03, 2003 7:45 PM
To: Nick Jacobsen
Cc: pen-testat_private
Subject: Re: Identify OS?

Nick,

Here's my two cents. It looks like a commercial version of Unix. My guess is Solaris. The first thing that struck me was port 6112/dtspc. I'm pretty sure that is a subprocess of CDE, so I doubt it's a Linux box.

Kevin is right about it not being a Cisco box. There is no way it's Cisco. Look at port 7937/7938 open. That's Legato Networker 5.5 or later; it only runs on AIX, Solaris, IRIX, HP-UX, Linux, & Tru64. It also runs on Windows, but this isn't a Windows box. And it doesn't run on Cisco.

It looks like a honeypot or a dead ringer for a newbie install. When you did an nslookup, did it return "two-dollar-hooker.i-am-so-owned.com."? I thought so.

As was indicated before, connect to as many ports as you can, and document the versions of the daemons listening from their blathering banners. Good luck.

I wonder if someone has already compiled a db containing what versions of popular daemons are included in various releases of *nix.

Hope this helps.

Marty Wasson
Global Information Security
MasterCard International
(636) 722-2372
martin_wassonat_private

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Tue Feb 04 2003 - 10:48:47 PST