Security Basics mailing list archives
Re: Win95 detection
From: miguel.dilaj () pharma novartis com
Date: Tue, 7 Dec 2004 17:40:52 +0000
Hello Samuel, I know the feeling. Sometimes nmap is not able to differentiate between Win9x/ME platforms (once ago I read that someone, probably Fyodor, said that the reason is that all have exactly the same TCP/IP stack).
From my experience with OS detection tools, I remember one named queso,
created by the spanish group Apostolz or something like that. It was not very good, sometimes it gave totally wrong information, saying that a box was UNIX when it was Windows, but on the other hand when it HIT, it was far more accurate than nmap. Said that, try to get hold of queso, use nmap first to identify the Win9x/ME boxes, then run queso against them, if queso says it's Novell, forget about that, but if it says Win95 instead of 98 or ME, probably it's being right. Cheers, Miguel Dilaj (Nekromancer) Vice-President of IT Security Research, OISSG PD: extract from http://www.opal.dhs.org/docs/remote-analysis/work/os-detection.html : "QueSO is quite hard to find. The upstream home page does not respond and the project seems abandoned. Anyway it performs well and is available in Debian (with the release from 1998) so it is usable.". Hope this info helps... "Samuel Petreski" <petreski () ksu edu> 30/11/2004 21:52 Please respond to petreski To: <security-basics () securityfocus com> cc: (bcc: Miguel Dilaj/PH/Novartis) Subject: Win95 detection I have been given the task to scan for hosts that are running Windows 95 on the network. I have tried scanning with Nmap and Nessus, however they cannot distinguish the hosts between 95/98/ME. I was wondering if anyone has run across a tool that is able to detect Win95 hosts on the network. Thanks for your help. Samuel Petreski [ Attachment ''SMIME.P7S'' removed by Miguel Dilaj ]
Current thread:
- RE: Win95 detection Trevor Cushen (Dec 01)
- RE: Win95 detection Samuel Petreski (Dec 01)
- Re: Win95 detection Travis Foley (Dec 02)
- Re: Win95 detection Micheal Espinola Jr (Dec 02)
- Re: Win95 detection Nathaniel Hall (Dec 02)
- <Possible follow-ups>
- RE: Win95 detection Jeff Gercken (Dec 02)
- RE: Win95 detection Samuel Petreski (Dec 02)
- RE: Win95 detection Jeff Gercken (Dec 03)
- Re: Win95 detection H Carvey (Dec 03)
- Re: Win95 detection q q (Dec 07)
- Re: Win95 detection miguel . dilaj (Dec 07)
- RE: Win95 detection Samuel Petreski (Dec 01)