I
believe VMWare interfaces have their own MAC addresses - would be interesting to
study see OS fingerprints of a hosted VM box to see if there are any clues from
the operating system above (or VMWare itself).
-----Original Message-----
From: Duncanson, Robert [mailto:[EMAIL PROTECTED]]
Sent: 15 November 2002 16:44
To: 'Bruschi, Augusto Mr., (Systems Administration)'; [EMAIL PROTECTED]
Subject: RE: [ISSForum] scanning vmware stationsAugusto,It depends on what you're scanning for, and whether you're trying to find VMWare'd boxes, or trying to hide them.Typically you'd identify the host by a combination of banners, IP stack signatures and available services - software you happen to run on the host doesn't change that. In your case the linux host is still a linux host, just as running IE instead of explorer on a windows box won't change it from a windows box (unfortunately).On the other hand, your VMWare guest could be confgured with bridged networking, sharing the physical network interface with the host. Physical/bridge is the key, because scanning typically occurs at layer 3, certainly so with IP, and so the distinction between guest and host (which have different IP's, so you see two distinct hosts) is total. Basically,it's a red herring, you still have two IP hosts, they just happen to share the same hardware. (They only interact using IP anyway, so no funny stuff is going on)The only clue you may is if your MAC address gives the game away - but if it's the same there are any number of reasons to explain that, like somebody proxy arp:ing for another box. Could be a router doing it./Robert-----Original Message-----
From: Bruschi, Augusto Mr., (Systems Administration) [mailto:[EMAIL PROTECTED]]
Sent: 15 November 2002 08:09
To: [EMAIL PROTECTED]
Subject: [ISSForum] scanning vmware stations
Hello all,
question: if I scan a station that has Linux as host operating system and Windows 2000 Pro as guest operating system using VMWare software what will I see? A Linux based station or a Windows based station?
Thank you and good work to all.
Augusto Bruschi
System Administrator GrafenwoehrIMO/IASO/SA
U.S.Army
100 ASG MWR/MIS
DSN: 475 6401
Commercial: +499641-83-6401
[EMAIL PROTECTED]
----------------------------------------------------------------------
CONFIDENTIALITY: This e-mail and any files transmitted with it are
confidential and intended solely for the use of the recipient(s) only.
Any review, retransmission, dissemination or other use of, or taking
any action in reliance upon this information by persons or entities
other than the intended recipient(s) is prohibited. If you have
received this e-mail in error please notify the sender immediately
and destroy the material whether stored on a computer or otherwise.
----------------------------------------------------------------------
DISCLAIMER: Any views or opinions presented within this e-mail are
solely those of the author and do not necessarily represent those
of Corsaire Limited, unless otherwise specifically stated.
----------------------------------------------------------------------
Corsaire Limited, 3 Tannery House, Tannery Lane, Send, Surrey, GU23 7EF
Telephone: +44(0)1483-226000 Email:[EMAIL PROTECTED]
