Re: Fingerprinting Windows O/S based on ports open?

From: R. DuFresne (dufresne@sysinfo.com)
Date: Tue Oct 21 2003 - 15:26:25 EDT


Problem is though, fingerprinting by open default ports is not always
going to give the answers/OS you might think. Consider a unix system with
samba. Or an admin that has a clue and locks out some of the ports or
closes off un-needed services, or better yet, firewalls the box.

OS fingerprinting is not as plain and clear cut as it was perhaps a few
years ago <if it was even then>. Some of the better work in OS
fingerprinting these days seems to be in the realm of reading packets
returned by various OS's, like ping/traceroute packets and/or some of the
settings in tcp packets.

Thanks,

Ron DuFresne

On Tue, 21 Oct 2003, lsi wrote:

> Open ports on a W2K default install:
>
> TCP 135
> TCP 445
> TCP 1025
>
> (1025 is something to do with the task scheduler)
>
> Open ports on a W98SE default install:
>
> TCP 139
>
> Stuart
>
> On 20 Oct 2003 at 14:59, Robert Masse wrote:
>
> Subject: Fingerprinting Windows O/S based on ports open?
> Date sent: Mon, 20 Oct 2003 14:59:13 -0400
> From: "Robert Masse" <rmasse@gosecure.ca>
> To: <pen-test@securityfocus.com>
>
> > Hi
> >
> > Does anyone have a matrix of TCP/UDP ports open per default install of
> > Windows (OS focused, not application focused like having tcp 80 for
> > iis)? I cannot use classic O/S fingerprinting with NMAP nor can I use
> > passive fingerprinting like P0f....
> >
> > I need a simple table like:
> >
> >               Win95  Win98  NT4  W2K  ME  XP
> >
> > TCP 133455    y      n      y    n    n   y
> > UDP 1234535   y      n
> > TCP 1543637
> > TCP 4434565
> >
> > Etc
> >
> > Etc
> >
> > Of course the example I used above is bogus but I am too lazy to type in
> > all the results. I don't have access to 95, 98, ME etc so I cannot
> > verify myself.
> >
> > Any help would be appreciated; I need a list of ports per O/S soon for a
> > personal project.
> >
> > Once I have my information, I will post the results.
> >
> > Thanks
> >
> > Rob
> >
> > ---------------------------------------------------------------------------
> > FREE Whitepaper: Better Management for Network Security
> >
> > Looking for a better way to manage your IP security?
> > Learn how Solsoft can help you:
> > - Ensure robust IP security through policy-based management
> > - Make firewall, VPN, and NAT rules interoperable across heterogeneous
> > networks
> > - Quickly respond to network events from a central console
> >
> > Download our FREE whitepaper at:
> > http://www.securityfocus.com/sponsor/Solsoft_pen-test_031015
> > ----------------------------------------------------------------------------
>
>
>

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart
testing, only testing, and damn good at it too!
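
The caveat raised in this reply, as an added example that is not part of either poster's message: it matches scan results against the two default-install port sets quoted in the thread and shows where a port-only match is wrong or undecidable. The scan results, function name and verdict labels are constructed for illustration.

```python
# Port sets quoted in the thread (default installs); nothing else is assumed.
SIGNATURES = {
    "W2K": {135, 445, 1025},
    "W98SE": {139},
}

def classify(observed):
    """observed maps TCP port -> 'open' | 'closed' | 'filtered'.
    Ports that were not probed are treated like filtered (state unknown)."""
    open_ports = {p for p, state in observed.items() if state == "open"}
    verdicts = {}
    for os_name, sig in SIGNATURES.items():
        hits = sig & open_ports
        unknown = {p for p in sig if observed.get(p, "filtered") == "filtered"}
        contradicted = sig - hits - unknown      # signature port seen closed
        extra = open_ports - sig                 # open ports the signature lacks
        if contradicted:
            verdicts[os_name] = "no"
        elif unknown:
            verdicts[os_name] = "inconclusive"   # a firewall hid the evidence
        elif extra:
            verdicts[os_name] = "weak"           # matches, but not distinctive
        else:
            verdicts[os_name] = "consistent"
    return verdicts

# Constructed scan results, one per case mentioned in the reply.
W2K_DEFAULT = {135: "open", 139: "closed", 445: "open", 1025: "open"}
SAMBA_UNIX = {22: "open", 135: "closed", 139: "open", 445: "open", 1025: "closed"}
FIREWALLED = {135: "filtered", 139: "filtered", 445: "filtered", 1025: "filtered"}
HARDENED_W2K = {135: "open", 139: "closed", 445: "open", 1025: "closed"}

if __name__ == "__main__":
    for name, scan in [("w2k default", W2K_DEFAULT), ("unix + samba", SAMBA_UNIX),
                       ("firewalled", FIREWALLED), ("hardened w2k", HARDENED_W2K)]:
        print(f"{name:14s} {classify(scan)}")
```

The Samba host is the only one that still matches a Windows signature, and the hardened and firewalled Windows hosts match nothing, which is why port-based results need corroboration from another source before they go into an inventory.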


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:41 EDT