Penetration Testing mailing list archives

Re: Identifying Machines


From: Blake Frantz <blake () mc net>
Date: Mon, 18 Jun 2001 21:43:49 -0500 (CDT)


Hello,

Provided the target machine is generating *some* type of traffic
and you have the ability to sniff, passive OS fingerprinting would provide
some information about the host.  If my memory serves me, Nelson Brito
<nelson () secunet com br> released a PERL script some time ago called
signatures.pl that does just this -- I have the script but I misplaced
'fingerprint.db', the script's counterpart.

Lance Spitzner wrote a paper describing techniques to perform passive
fingerprinting which can be downloaded at:
http://packetstorm.securify.com/papers/IDS/fingerprinting.txt

Last but not least Jose Nazario has a similar document in pdf format which
can be downloaded from:
http://packetstorm.securify.com/papers/protocols/passive.pdf

Hope this helps,

-Blake

On Mon, 18 Jun 2001, Rick Who Else? wrote:


I'm looking for as many ways as possible to identify machines on a network. 
Considering ICMP is disabled, and all ports on the end machine are closed.


Ideas? The more the merrier.

This question goes for NT, 2K, and Unix/Unix-like machines.

Thanks,
Rick