Re: VMWare

Thu, 21 Dec 2006 03:20:17 -0800 

Nitin,

> While scanning networks how good is nessus in identifying VMWare
> running machines?
There seems to be no plugin doing that (altough it seems to be a good idea to me). But as long as the MAC Adresses within the VMware are not changed, you can identify those systems by having a look at the vendor part of the MAC. I would just do a quick nmap scan to resolve that. 

 [EMAIL PROTECTED] ~]# nmap -sS -O mysystem.mynetwork.local
 Starting Nmap 4.20 ( http://insecure.org ) at 2006-12-21 12:06 CET
 Interesting ports on mysystem.mynetwork.local:
 Not shown: 1696 filtered ports
 PORT      STATE  SERVICE
 22/tcp    open   ssh
 MAC Address: 00:0C:29:74:34:44 (VMware)


> Does nesssus scan and report OS and Applications on VMWare
> successfully?
Mandriva Linux 10.2 on VMware-Server

 Security Note found (general/tcp)
 Plugin-ID      11936
 Description    Nessus was not able to reliably identify the remote
                operating system. It might be:
                 IBM OS/400
                 Linux Kernel 2.4
                 SCO UnixWare 8.0


Mandriva Linux 10.2 on "real" device (same patchlevel as vmware 
installation)


 Security Note found (general/tcp)
 Plugin-ID      11936
 Description    The remote host is running Linux Kernel
                 2.6.12-27mdk-i686-up-4GB (i386)


It seems like the beaviour for fingerpriting the OS changes (Layer 2(?), 
3 and 4) when using VMware. This does not affect any application, for 
the fingerprinting mechanisms can only base on the beaviour of the 
applications themselves (Layer 5-7).
This makes it a princible driven problem, so every OS detection I know 
will fail. E.g. nmap


Mandriva Linux 10.2 on VMware-Server
  Device type: general purpose|printer|WAP|specialized|storage-misc
  Running (JUST GUESSING) : Linux 2.6.X|2.4.X (92%), Xerox embedded
  (88%), etc etc etc


Mandriva Linux 10.2 on "real" device (same patchlevel as vmware 
installation)

  Device type: general purpose
  Running: Linux 2.6.X
  OS details: Linux 2.6.9 - 2.6.12 (x86)

Cheers,

Toby

Shingari, Nitin V. schrieb:

Hi folks,


 

While scanning networks how good is nessus in identifying VMWare running 
machines?


Does nesssus scan and report OS and Applications on VMWare successfully?


 


Warm Regards

Nitin Shingari

[EMAIL PROTECTED]


------------------------------------------------------------------------

_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus

_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus






















					Reply via email to