OS Fingerprinting
Discini, Sonny
Sonny.Discini at montgomerycountymd.gov
Tue Aug 10 11:50:20 EDT 2004
Ports 139 and 445 are unique to Windows hosts and I'm not sure why you
are hitting port 113. This plugin works by sending MSRPC traffic to port
135 which obviously does not apply to Linux. It will also attempt to hit
port 123 looking for a listening NTP client. If all fails, it will send
malformed ICMP traffic in attempts to identify the remote OS. Are there
any restrictions on ICMP traffic on your network?
Sonny Discini
Senior Network Security Engineer
Department of Technology Services
100 Maryland Avenue, Room 302E
Rockville, MD 20850
Tel: 240-773-8694
Fax: 240-777-2856
e-mail: sonny.discini at montgomerycountymd.gov
-----Original Message-----
From: nessus-bounces at list.nessus.org
[mailto:nessus-bounces at list.nessus.org] On Behalf Of Samuel Petreski
Sent: Tuesday, August 10, 2004 10:52 AM
To: nessus at list.nessus.org
Subject: OS Fingerprinting
Hi,
I'm trying to use plugin OS Identification (11936), and am having
problems when fingerprinting a Linux host. I have enabled scanning of
ports TCP 139,445 and UDP 113 and also am Ping the remote host and SYN
Scan. I'm using Nessus 2.0.10.
I have been successful in identifying all Windows flavors, but have had
no luck with any Linux flavor.
Any help would be appreciated.
--Samuel
_______________________________________________
Nessus mailing list
Nessus at list.nessus.org http://mail.nessus.org/mailman/listinfo/nessus
More information about the Nessus
mailing list