Penetration Testing mailing list archives
Re: OS Fingerprints
From: "Francisco Pecorella" <fpecor () cantv net>
Date: Wed, 5 Oct 2005 10:28:36 -0400
Hi BSK, OS fingerprinting is typically done with ICMP type 8's as well as TCP SYN packets. Not always the initial TTL is enough to identify an operative system. May be helpul this link: http://www.sans.org/resources/idfaq/tcp_fingerprinting.php If you want to know the initial TTL for differents OS, some of them are: 60: IRIX 64: Sony PS 2, AIX, NetBSD, Mac OS 10, OpenBSD. 128: Novell, Windows XP. 255: Cisco IOS, Solaris. You can also use fields like Window Size, bit DF, Packet Size, NOP Flag,etc. Hope it is helpful this. -- Regards, FP----- Original Message ----- From: "BSK" <bishan4u () yahoo co uk>
To: <pen-test () securityfocus com> Sent: Tuesday, October 04, 2005 10:07 AM Subject: OS Fingerprints
Dear All, Some time back I came across a document that listed a table with Operating systems and their TTL that helped identify an operating system. I've been trying to search that document on Internet and my machine but not successful yet. Can someone point me to that or similar document. Basically I'm looking for information which helps us identify the target operating system from its TTL field obtained while ping. The document for example listed that if the TTL is 128 its likely to be M$ and if its 64 its likely to be Cisco Router or switch. Await your reply. rgds, Bshan ___________________________________________________________To help you stay safe and secure online, we've developed the all new Yahoo! Security Centre. http://uk.security.yahoo.com------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms,login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do!Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
------------------------------------------------------------------------------Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
Current thread:
- OS Fingerprints BSK (Oct 05)
- Re: OS Fingerprints Franck Veysset (Oct 05)
- Re: OS Fingerprints Daniele Bellucci (Oct 05)
- RE: OS Fingerprints Omar (Oct 05)
- RE: OS Fingerprints JB (Oct 05)
- Re: OS Fingerprints GomoR (Oct 05)
- Re: OS Fingerprints Dragos Ruiu (Oct 06)
- Re: OS Fingerprints Nicolas Gregoire (Oct 05)
- Re: OS Fingerprints Francisco Pecorella (Oct 05)
- Re: OS Fingerprints Tim (Oct 05)
- Re: OS Fingerprints Joe Matusiewicz (Oct 05)
- RE: OS Fingerprints Omar A. Herrera (Oct 05)
- Re: OS Fingerprints Chuck (Oct 05)
- <Possible follow-ups>
- Re: OS Fingerprints Don Parker (Oct 05)
- RE: OS Fingerprints ankush.kapoor (Oct 05)
- Re: OS Fingerprints BSK (Oct 05)
- Re: OS Fingerprints sumit . siddharth (Oct 05)
- Re: OS Fingerprints BSK (Oct 05)
- Re: OS Fingerprints Francisco Pecorella (Oct 06)
(Thread continues...)