Re: OS Fingerprints
From: GomoR (sfml gomor.org)
Date: Wed Oct 05 2005 - 07:59:10 CDT
On Tue, Oct 04, 2005 at 03:07:27PM +0100, BSK wrote:
> Dear All,
>
> Some time back I came across a document that listed a
> table with Operating systems and their TTL that helped
> identify an operating system.
>
> I've been trying to search for that document on the Internet
> and my machine but have not been successful yet. Can someone
> point me to that or a similar document?
>
> Basically I'm looking for information which helps us
> identify the target operating system from its TTL
> field obtained while pinging. The document for example
> listed that if the TTL is 128 it's likely to be M$ and
> if it's 64 it's likely to be a Cisco router or switch.
>
> Await your reply.
>
> rgds,
> Bshan

Hello,

if you want a simple trick to do OS fingerprinting, I
suggest you use the initial window size of a TCP session
establishment.

If you use that, you can create a table for each OS I've
seen by parsing the file at:
http://www.gomor.org/files/net-sinfp-db-export.txt

Or better, use the database in SQLite format:
DB Schema: http://www.gomor.org/files/net-sinfp-db-schema.ps
DB: http://www.gomor.org/files/sinfp.db

Or even better, use SinFP:
http://www.gomor.org/cgi-bin/index.pl?mode=view;page=net_sinfp

Best regards,
--
^ ___ ___ FreeBSD Network - http://www.GomoR.org/ <-+
| / __ |__/ Systems & Security Engineer |
| \__/ | \ ---[ zsh$ alias psed='perl -pe ' ]--- |
+--> Net::Packet <=> http://search.cpan.org/~gomor/ <--+
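
The two header fields this thread relies on, the IP TTL from the question and the TCP window size from the reply, can be read from a captured SYN/ACK as shown here. This is an added example, not part of the original post and not SinFP's code; the packet bytes are constructed, and `parse_synack` and its result keys are hypothetical names.

```python
import struct

# Assumption: senders start from one of these common initial TTL values.
COMMON_INITIAL_TTLS = (32, 64, 128, 255)

# Constructed sample: IPv4 + TCP SYN/ACK, TTL 57, window 65535, MSS 1460.
SAMPLE = bytes.fromhex(
    "4500002c 00004000 39060000 c000020a c0000214"
    "0050c000 00000001 00000002 6012ffff 00000000 020405b4")

def parse_synack(packet: bytes) -> dict:
    """Extract fingerprint-relevant fields from a raw IPv4 + TCP packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or packet[9] != 6:
        raise ValueError("bad IP header length or not TCP")
    ttl = packet[8]
    tcp = packet[ihl:]
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    window = struct.unpack("!H", tcp[14:16])[0]
    data_off = (tcp[12] >> 4) * 4
    if data_off < 20 or data_off > len(tcp):
        raise ValueError("bad TCP data offset")
    # Walk the TCP options: kind 0 = end, 1 = NOP, others are kind/len/value.
    opts, mss, i = [], None, 20
    while i < data_off:
        kind = tcp[i]
        if kind == 0:
            break
        if kind == 1:
            opts.append(1)
            i += 1
            continue
        if i + 1 >= data_off or tcp[i + 1] < 2 or i + tcp[i + 1] > data_off:
            raise ValueError("malformed TCP option")
        if kind == 2 and tcp[i + 1] == 4:
            mss = struct.unpack("!H", tcp[i + 2:i + 4])[0]
        opts.append(kind)
        i += tcp[i + 1]
    # Heuristic: received TTL = initial TTL minus hops, so round up.
    initial = next(t for t in COMMON_INITIAL_TTLS if t >= ttl)
    return {"syn_ack": (tcp[13] & 0x12) == 0x12, "ttl": ttl,
            "initial_ttl_guess": initial, "hops_guess": initial - ttl,
            "window": window, "mss": mss, "option_kinds": opts}

if __name__ == "__main__":
    print(parse_synack(SAMPLE))
```
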