ich versuche mich gerade ein bisschen in die Security einzuarbeiten. Nun will ich meine Recher per OS Fingerprintig testen und bekommen mit unterschiedlichen Tools ganz andere Resultate
es läuft ein Red Hat Shrike.Code: Alles auswählen
# nmap -O 212.41.85.136
Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
Interesting ports on adsl-212-41-85-136.solnet.ch (212.41.85.136):
(The 1599 ports scanned but not shown below are in state: closed)
Port State Service
22/tcp open ssh
53/tcp open domain
No exact OS matches for host (If you know what OS is running on it, see http://www.insecure.org/cgi-bin/nmap-submit.cgi).
TCP/IP fingerprint:
SInfo(V=3.00%P=i386-redhat-linux-gnu%D=8/9%Time=3F3507B0%O=22%C=1)
TSeq(Class=TR%IPID=Z%TS=100HZ)
T1(Resp=Y%DF=Y%W=FFFF%ACK=S++%Flags=AS%Ops=MNWNNT)
T2(Resp=N)
T3(Resp=Y%DF=Y%W=FFFF%ACK=S++%Flags=AS%Ops=MNWNNT)
T4(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=)
T5(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=)
T6(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=)
T7(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
PU(Resp=Y%DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=0%ULEN=134%DAT=E)
Uptime 4.420 days (since Tue Aug 5 06:34:26 2003)
Nmap run completed -- 1 IP address (1 host up) scanned in 37 seconds
zu NMAP könnt ihr mir helfen, diese Werte zu analysieren z.B PU(Resp=Y%DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=0%ULEN=134%DAT=E)
dann noch Xprobe2:
Code: Alles auswählen
# xprobe2 -v 212.41.85.136
Xprobe2 v.0.2rc1 Copyright (c) 2002-2003 fygrave@tigerteam.net, ofir@sys-security.com, meder@areopag.net
[+] Target is 212.41.85.136
[+] Loading modules.
[+] Following modules are loaded:
[x] [1] ping:icmp_ping - ICMP echo discovery module
[x] [2] ping:tcp_ping - TCP-based ping discovery module
[x] [3] ping:udp_ping - UDP-based ping discovery module
[x] [4] infogather:ttl_calc - TCP and UDP based TTL distance calculation
[x] [5] infogather:portscan - TCP and UDP PortScanner
[x] [6] fingerprint:icmp_echo - ICMP Echo request fingerprinting module
[x] [7] fingerprint:icmp_tstamp - ICMP Timestamp request fingerprinting module[x] [8] fingerprint:icmp_amask - ICMP Address mask request fingerprinting module
[x] [9] fingerprint:icmp_info - ICMP Information request fingerprinting module[x] [10] fingerprint:icmp_port_unreach - ICMP port unreachable fingerprinting
module
[x] [11] fingerprint:tcp_hshake - TCP Handshake fingerprinting module
[+] 11 modules registered
[+] Initializing scan engine
[+] Running scan engine
[-] ping:tcp_ping module: no closed/open TCP ports known on 212.41.85.136. Module test failed
[-] ping:udp_ping module: no closed/open UDP ports known on 212.41.85.136. Module test failed
[+] No distance calculation. 212.41.85.136 appears to be dead or no ports known
[+] Host: 212.41.85.136 is up (Guess probability: 25%)
[+] Target: 212.41.85.136 is alive. Round-Trip Time: 0.03762 sec
[+] Selected safe Round-Trip Time value is: 0.07523 sec
[+] Primary guess:
[+] Host 212.41.85.136 Running OS: "FreeBSD 4.4" (Guess probability: 65%)
[+] Other guesses:
[+] Host 212.41.85.136 Running OS: "FreeBSD 4.5" (Guess probability: 65%)
[+] Host 212.41.85.136 Running OS: "FreeBSD 4.6" (Guess probability: 65%)
[+] Host 212.41.85.136 Running OS: "FreeBSD 4.6.2" (Guess probability: 65%)
[+] Host 212.41.85.136 Running OS: "FreeBSD 4.7" (Guess probability: 65%)
[+] Host 212.41.85.136 Running OS: "FreeBSD 4.8" (Guess probability: 65%)
[+] Host 212.41.85.136 Running OS: "FreeBSD 5.0" (Guess probability: 65%)
[+] Host 212.41.85.136 Running OS: "FreeBSD 5.1" (Guess probability: 65%)
[+] Host 212.41.85.136 Running OS: "HP JetDirect ROM L.20.07 EEPROM L.20.24" (Guess probability: 62%)
[+] Host 212.41.85.136 Running OS: "Linux Kernel 2.4.20" (Guess probability: 56%)
[+] Cleaning up scan engine
[+] Modules deinitialized
[+] Execution completed.
herzlichen Dank
viele Grüsse
