chris (fool) mccraw wrote, On 08/26/2011 10:01 AM: > On Fri, Aug 26, 2011 at 09:32, Daniel Herrington > <[email protected]> wrote: >> Yes linux, either centOs or RHEL. >> >> Problem is I don't have login access. I only have the ability to scan >> the server remotely. > an interesting conundrum. i couldn't figure out a way to make any of > my services tell me that (sendmail connection header, apache version > #, sshd version string, etc). i am kind of glad since hey, there's no > reason i'd want you to know whether i have a 64bit modern CPU or am > running ELKS linux on a 286 unless i was willing to tell you. > > i'm certain some services (and some configurations of some > services--sendmail banner is entirely config-file-user-configurable, > for instance) leak that info even if not explicitly. what services is > it running? The context is we're doing a data center migration that's going from physical to virtual, and I can't automate my virtual builds unless I know OS bitness (So no black hat work going on...).
Customer wants to limit manual login work on the servers. End result is I know if it's a CentOS or RH, but no idea of services, applications, etc. that might be running. The one I'm testing with is running Apache, but it doesn't seem like Apache is leaking it's bitness. 80 and 443 are open, but the other ports are shut. The other problem I realized is I could be talking to the firewall or load balancer, and in that case I can't trust my return data. PLUS, I downloaded the OS Fingerprinting for Fun and Profit ppt, and learned of the IP Personality project (http://ippersonality.sourceforge.net/). This Linux kernel module allows you to spoof your OS fingerprint. If anyone is looking for ways to protect themselves, this seems the ideal solution. For me though, just another nail in the coffin of what originally looked like a promising solution. -- Daniel Herrington Director of Field Services Robert Mark Technologies o: 651-769-2574 m: 503-358-8575 www.robertmark.com CA Workload Automation r11.3 is now GA. Contact us if you have any questions about the new release or want to discuss your company’s upgrade path. Follow Robert Mark on LinkedIn! http://www.linkedin.com/company/robert-mark-technologies/ _______________________________________________ PLUG mailing list [email protected] http://lists.pdxlinux.org/mailman/listinfo/plug
