Penetration Testing mailing list archives

Re: Fingerprinting Windows O/S based on ports open?


From: "R. DuFresne" <dufresne () sysinfo com>
Date: Tue, 21 Oct 2003 15:26:25 -0400 (EDT)


Problem is though, fingerprinting by open default ports is not always
going to give the answers/OS you might think.  Consider a unix system with
samba.  Or an admin that has a clue and locks out some of the ports or
closes off un-needed services, or better yet, firewalls the box.

OS fingerprinting is not as plain and clear cut as it was perhaps a few
years ago <if it was even then>.  Some of the better work in OS
fingerprinting these days seems to be in the realm of reading packets
returned by various OS's, like ping/traceroute packets and/or some of the
settings in tcp packets.

Thanks,

Ron DuFresne

On Tue, 21 Oct 2003, lsi wrote:

Open ports on a W2K default install:

TCP 135
TCP 445
TCP 1025

(1025 is something to do with the task scheduler)

Open ports on a W98SE default install:

TCP 139

Stuart

On 20 Oct 2003 at 14:59, Robert Masse wrote:

Subject:              Fingerprinting Windows O/S based on ports open?
Date sent:            Mon, 20 Oct 2003 14:59:13 -0400
From:                 "Robert Masse" <rmasse () gosecure ca>
To:                   <pen-test () securityfocus com>

Hi
 
Does anyone have a matrix of TCP/UDP ports open per default install of
Windows (OS focused, not application focused like having tcp 80 for
iis)?  I cannot use classic O/S fingerprinting with NMAP nor can I use
passive fingerprinting like P0f....
 
I need a simple table like:
 
              Win95   Win98   NT4   W2K   ME   XP

TCP 133455      y       n      y     n    n    y
UDP 1234535     y       n
TCP 1543637
TCP 4434565
 
Etc
 
Etc
 
Of course the example I used above is bogus but I am too lazy to type in
all the results.  I don't have access to 95, 98, ME etc so I cannot
verify myself.
 
Any help would be appreciated; I need a list of ports per O/S soon for a
personal project.
 
Once I have my information, I will post the results.
 
Thanks
 
Rob

---------------------------------------------------------------------------
FREE Whitepaper: Better Management for Network Security

Looking for a better way to manage your IP security?
Learn how Solsoft can help you:
- Ensure robust IP security through policy-based management
- Make firewall, VPN, and NAT rules interoperable across heterogeneous
networks
- Quickly respond to network events from a central console

Download our FREE whitepaper at:
http://www.securityfocus.com/sponsor/Solsoft_pen-test_031015
----------------------------------------------------------------------------




-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!

