× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.



HA!  You know what? I didn't even think about the fact that people would try
to hide their OS to prevent hacking.  DUH! I was just curious in a more
academic way about what OS's different sites were running.

As always Scott, you provided an answer that contained not only the answer
to the question, but so much more that we wouldn't even have ever
considered, but which is really good information regardless and gets a
person to thinking about things in a different way. 

Thanks! 


Shannon O'Donnell

 


-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Scott Klement
Sent: Sunday, May 09, 2004 2:24 PM
To: Midrange Systems Technical Discussion
Subject: RE: Determining Operating System or Hardware via the Internet


Hi Shannon,

> Thanks for the responses.  I wasn't clear in what I was trying to do.  
> I would like to know if there is some way that I can tell what OS or 
> hardware a website is running on if all I know is the URL or the IP 
> address.  Maybe a command like TRACERT or PING or something?  Or a port
scanner possibly?

Most of the time people try to make sure you CAN'T find out what OS or
platform they're running!!  Almost all published security holes rely on you
running a particular operating system-- therefore the very first thing a
hacker will do is try to detect what operating system and platform you're
running.  Once they've determined that, they can see what the known security
holes are for that operating system and look for one that is exploitable on
your system.

You might try something like Nmap or Queso (if Queso is still around??
it's homepage appears to be gone...)
More about Nmap is here: http://www.insecure.org/nmap/

They use a technique known as "TCP/IP fingerprinting" which relies on quirks
in the OS to determine which OS it's running.  For example, you might send
an invalid sequence of IP packets that make no sense. (such as SYN, SYN+ACK,
FIN, FIN+ACK, SYN+FIN, PSH, SYN+XXX+YYY where XXX and YYY
are unused flags)   Since the standards don't define what should be done
in response, different OSes do different things.   By using a table of
which OSes give which types of responses, they try to detect what the OS
must be.

If you click on the "OS Detection" link on the Nmap web site (above) you'll
get more details on why OS detection is important for security, and how it
works, etc.

Naturally, a well designed firewall will prevent this sort of thing.  And
NAT may very well change the behavior, so it's not completely reliable.


> I'm just trying to guess what some websites are using as a web server.  
> It's not that important, really.  It just occurred to me to wonder 
> what places like Ebay and YAHOO were using for OS software and computing
hardware.

I can tell you that Yahoo! runs FreeBSD.  Here's an article about it:
http://www.ictp.trieste.it/~cfonda/sudan/OSs/references/freeBSD/Yahoo_and_Fr
eeBSD.html

Ebay runs Windows -- which was well known a few years ago when they had a
lot of problems with the systems going down and having to be restored from
backups :)  Nowadays they've enlisted IBM's help in making it stay up.
http://pages.ebay.com/ebay_IBM.html

Also, the server-string reported by the HTTP servers on the large sites may
give away what operating system they're running.  Netcraft.com allows you to
look this sort of thing up.  Especially for the large sites.
http://www.netcraft.com/whats

_______________________________________________
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe,
or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a
moment to review the archives at http://archive.midrange.com/midrange-l.





As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.