* Nick Jacobsen ([EMAIL PROTECTED]) [030131 11:52]: > Hey All again, > Could any of you give me an idea of what type of machine the following might > be, based on the ports open? it is sitting at xxx.xxx.xxx.001 on a network, > so I am thinking it is some sort of gateway, but what OS/hardware? Below is > the results of telnetting to port 23, and the ruslts of an nmap scan (tried > the identify OS option, didn't do sh*t) > > Nick J. > Ethics Design > [EMAIL PROTECTED] > > <----------------- Telnet results ----------------------------> > Authorized uses only. All activity may be monitored and reported.
I'd try and get that vague banner changed. Obviously connecting is an authorized use of the machine. This banner doesn't prohibit unauthorized users though. =) > login: cisco > Password: > Login incorrect > <----------------- End Telnet Results -----------------------> > <----------------- Nmap Scan Results ----------------------> > 21/tcp open ftp What does the FTP banner say? > 22/tcp open ssh What ssh version does it run? Does it have a banner configured? > 23/tcp open telnet > 53/tcp open domain dig CHAOS version.bind TXT @<server> > 111/tcp open sunrpc rpcinfo <server> > 161/tcp filtered snmp > 162/tcp filtered snmptrap > 389/tcp open ldap > 512/tcp open exec > 513/tcp open login > 514/tcp open shell > 1002/tcp open unknown > 1169/tcp open unknown > 1433/tcp filtered ms-sql-s > 1720/tcp open H.323/Q.931 > 2410/tcp open unknown > 2785/tcp open unknown > 2786/tcp open unknown > 6000/tcp open X11 > 6112/tcp open dtspc > 7937/tcp open unknown > 7938/tcp open unknown > 32774/tcp open sometimes-rpc11 > 32775/tcp open sometimes-rpc13 > 32778/tcp open sometimes-rpc19 Have you tried connecting to some of the rservices, or X11 services? You may try scanning again using Queso for os identification. -- Benjamin Krueger ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
