|
HA! You know what? I didn't even think about the fact that people would try to hide their OS to prevent hacking. DUH! I was just curious in a more academic way about what OS's different sites were running. As always Scott, you provided an answer that contained not only the answer to the question, but so much more that we wouldn't even have ever considered, but which is really good information regardless and gets a person to thinking about things in a different way. Thanks! Shannon O'Donnell -----Original Message----- From: midrange-l-bounces@xxxxxxxxxxxx [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Scott Klement Sent: Sunday, May 09, 2004 2:24 PM To: Midrange Systems Technical Discussion Subject: RE: Determining Operating System or Hardware via the Internet Hi Shannon, > Thanks for the responses. I wasn't clear in what I was trying to do. > I would like to know if there is some way that I can tell what OS or > hardware a website is running on if all I know is the URL or the IP > address. Maybe a command like TRACERT or PING or something? Or a port scanner possibly? Most of the time people try to make sure you CAN'T find out what OS or platform they're running!! Almost all published security holes rely on you running a particular operating system-- therefore the very first thing a hacker will do is try to detect what operating system and platform you're running. Once they've determined that, they can see what the known security holes are for that operating system and look for one that is exploitable on your system. You might try something like Nmap or Queso (if Queso is still around?? it's homepage appears to be gone...) More about Nmap is here: http://www.insecure.org/nmap/ They use a technique known as "TCP/IP fingerprinting" which relies on quirks in the OS to determine which OS it's running. For example, you might send an invalid sequence of IP packets that make no sense. (such as SYN, SYN+ACK, FIN, FIN+ACK, SYN+FIN, PSH, SYN+XXX+YYY where XXX and YYY are unused flags) Since the standards don't define what should be done in response, different OSes do different things. By using a table of which OSes give which types of responses, they try to detect what the OS must be. If you click on the "OS Detection" link on the Nmap web site (above) you'll get more details on why OS detection is important for security, and how it works, etc. Naturally, a well designed firewall will prevent this sort of thing. And NAT may very well change the behavior, so it's not completely reliable. > I'm just trying to guess what some websites are using as a web server. > It's not that important, really. It just occurred to me to wonder > what places like Ebay and YAHOO were using for OS software and computing hardware. I can tell you that Yahoo! runs FreeBSD. Here's an article about it: http://www.ictp.trieste.it/~cfonda/sudan/OSs/references/freeBSD/Yahoo_and_Fr eeBSD.html Ebay runs Windows -- which was well known a few years ago when they had a lot of problems with the systems going down and having to be restored from backups :) Nowadays they've enlisted IBM's help in making it stay up. http://pages.ebay.com/ebay_IBM.html Also, the server-string reported by the HTTP servers on the large sites may give away what operating system they're running. Netcraft.com allows you to look this sort of thing up. Especially for the large sites. http://www.netcraft.com/whats _______________________________________________ This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options, visit: http://lists.midrange.com/mailman/listinfo/midrange-l or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at http://archive.midrange.com/midrange-l.
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.