forum.opennet.ru

Составление сообщения

Исходное сообщение

"OpenNews: Защита FreeBSD от удаленного определения типа ОС"
Отправлено scum, 16-Ноя-06 19:00

Вот что получилось.
# ./nmap -sS -O 192.168.110.4
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2006-11-16 18:19 MSK
Interesting ports on 192.168.110.4:
Not shown: 1674 closed ports
PORT    STATE SERVICE
13/tcp  open  daytime
21/tcp  open  ftp
22/tcp  open  ssh
37/tcp  open  time
80/tcp  open  http
113/tcp open  auth
Device type: general purpose
Running: OpenBSD 3.X
OS details: OpenBSD 3.5 - 3.9
Nmap finished: 1 IP address (1 host up) scanned in 64.466 seconds
Теперь прописываем на 192.168.110.4
/etc/pf.os:
1024:64:0:44:M1460:                     *NMAP:scum:1:NMAP scan
2048:64:0:44:M1460:                     *NMAP:scum:2:NMAP scan
3072:64:0:44:M1460:                     *NMAP:scum:3:NMAP scan
4096:64:0:44:M1460:                     *NMAP:scum:4:NMAP scan
/etc/pf.conf:
rdr on pcn0 proto tcp from any os nmap to any -> (pcn0) port ssh
Вот что получилось:
# ./nmap -O -p 80 192.168.110.4
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2006-11-16 18:38 MSK
Warning:  OS detection will be MUCH less reliable because we did not find at least 1 open and 1 closed TCP port
WARNING:  RST from port 80 -- is this port really open?
WARNING:  RST from port 80 -- is this port really open?
WARNING:  RST from port 80 -- is this port really open?
WARNING:  RST from port 80 -- is this port really open?
WARNING:  RST from port 80 -- is this port really open?
WARNING:  RST from port 80 -- is this port really open?
Insufficient responses for TCP sequencing (0), OS detection may be less accurate
WARNING:  RST from port 80 -- is this port really open?
WARNING:  RST from port 80 -- is this port really open?
WARNING:  RST from port 80 -- is this port really open?
WARNING:  RST from port 80 -- is this port really open?
WARNING:  RST from port 80 -- is this port really open?
WARNING:  RST from port 80 -- is this port really open?
Insufficient responses for TCP sequencing (0), OS detection may be less accurate
WARNING:  RST from port 80 -- is this port really open?
WARNING:  RST from port 80 -- is this port really open?
WARNING:  RST from port 80 -- is this port really open?
WARNING:  RST from port 80 -- is this port really open?
WARNING:  RST from port 80 -- is this port really open?
WARNING:  RST from port 80 -- is this port really open?
Insufficient responses for TCP sequencing (0), OS detection may be less accurate
Interesting ports on 192.168.110.4:
PORT   STATE SERVICE
80/tcp open  http
MAC Address: 00:0C:29:4A:A5:1F (VMware)
Device type: general purpose|load balancer
Running (JUST GUESSING) : Microsoft Windows NT/2K/XP (97%), Novell NetWare 5.X|6.X (93%), HP HP-UX 11.X (89%), Foundry IronWare (89%), Linux 2.6.X (89%), Sun Solaris 10 (89%)
Aggressive OS guesses: Microsoft Windows Longhorn eval build 4051 (97%), NetWare 5.1 SP3 (93%), Novell NetWare 5.1 SP8 or 6.5 SP3 (93%), Novell NetWare 5.1-6.0 (93%), Novell NetWare 5.1SP4 - 6.0 (93%), Novell NetWare 5.1SP5 - 6.5 (93%), Novell NetWare 6 SP1 (93%), Novell NetWare 6 SP2 (93%), Novell NetWare 6.0 SP3 (91%), Novell Netware 6.0 SP4 (90%)
No exact OS matches for host (test conditions non-ideal).
Nmap finished: 1 IP address (1 host up) scanned in 54.435 seconds
Здесь я оставил только один порт (80), иначе долго пришлось бы ждать результатов скана - теперь все порты ведь открыты. Результат, как мне кажется, очень интересный: nmap явно растерян, сканирующий чешет репу. А ведь это была только шутка. А если серьезно, пишем в /etc/pf.conf
block in quick from any os nmap to any
и вот что получаем:
# ./nmap -sS -O 192.168.110.4
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2006-11-16 18:47 MSK
Warning:  OS detection will be MUCH less reliable because we did not find at least 1 open and 1 closed TCP port
All 1680 scanned ports on 192.168.110.4 are filtered
MAC Address: 00:0C:29:4A:A5:1F (VMware)
Device type: general purpose
Running: Maxim-IC TiniOS, Novell NetWare 3.X|4.X|5.X|6.X
Too many fingerprints match this host to give specific OS details
Nmap finished: 1 IP address (1 host up) scanned in 88.151 seconds

Исходное сообщение
"OpenNews: Защита FreeBSD от удаленного определения типа ОС" Отправлено scum, 16-Ноя-06 19:00
Вот что получилось. # ./nmap -sS -O 192.168.110.4 Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2006-11-16 18:19 MSK Interesting ports on 192.168.110.4: Not shown: 1674 closed ports PORT STATE SERVICE 13/tcp open daytime 21/tcp open ftp 22/tcp open ssh 37/tcp open time 80/tcp open http 113/tcp open auth Device type: general purpose Running: OpenBSD 3.X OS details: OpenBSD 3.5 - 3.9 Nmap finished: 1 IP address (1 host up) scanned in 64.466 seconds Теперь прописываем на 192.168.110.4 /etc/pf.os: 1024:64:0:44:M1460: NMAP:scum:1:NMAP scan 2048:64:0:44:M1460: NMAP:scum:2:NMAP scan 3072:64:0:44:M1460: NMAP:scum:3:NMAP scan 4096:64:0:44:M1460: NMAP:scum:4:NMAP scan /etc/pf.conf: rdr on pcn0 proto tcp from any os nmap to any -> (pcn0) port ssh Вот что получилось: # ./nmap -O -p 80 192.168.110.4 Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2006-11-16 18:38 MSK Warning: OS detection will be MUCH less reliable because we did not find at least 1 open and 1 closed TCP port WARNING: RST from port 80 -- is this port really open? WARNING: RST from port 80 -- is this port really open? WARNING: RST from port 80 -- is this port really open? WARNING: RST from port 80 -- is this port really open? WARNING: RST from port 80 -- is this port really open? WARNING: RST from port 80 -- is this port really open? Insufficient responses for TCP sequencing (0), OS detection may be less accurate WARNING: RST from port 80 -- is this port really open? WARNING: RST from port 80 -- is this port really open? WARNING: RST from port 80 -- is this port really open? WARNING: RST from port 80 -- is this port really open? WARNING: RST from port 80 -- is this port really open? WARNING: RST from port 80 -- is this port really open? Insufficient responses for TCP sequencing (0), OS detection may be less accurate WARNING: RST from port 80 -- is this port really open? WARNING: RST from port 80 -- is this port really open? WARNING: RST from port 80 -- is this port really open? WARNING: RST from port 80 -- is this port really open? WARNING: RST from port 80 -- is this port really open? WARNING: RST from port 80 -- is this port really open? Insufficient responses for TCP sequencing (0), OS detection may be less accurate Interesting ports on 192.168.110.4: PORT STATE SERVICE 80/tcp open http MAC Address: 00:0C:29:4A:A5:1F (VMware) Device type: general purpose\|load balancer Running (JUST GUESSING) : Microsoft Windows NT/2K/XP (97%), Novell NetWare 5.X\|6.X (93%), HP HP-UX 11.X (89%), Foundry IronWare (89%), Linux 2.6.X (89%), Sun Solaris 10 (89%) Aggressive OS guesses: Microsoft Windows Longhorn eval build 4051 (97%), NetWare 5.1 SP3 (93%), Novell NetWare 5.1 SP8 or 6.5 SP3 (93%), Novell NetWare 5.1-6.0 (93%), Novell NetWare 5.1SP4 - 6.0 (93%), Novell NetWare 5.1SP5 - 6.5 (93%), Novell NetWare 6 SP1 (93%), Novell NetWare 6 SP2 (93%), Novell NetWare 6.0 SP3 (91%), Novell Netware 6.0 SP4 (90%) No exact OS matches for host (test conditions non-ideal). Nmap finished: 1 IP address (1 host up) scanned in 54.435 seconds Здесь я оставил только один порт (80), иначе долго пришлось бы ждать результатов скана - теперь все порты ведь открыты. Результат, как мне кажется, очень интересный: nmap явно растерян, сканирующий чешет репу. А ведь это была только шутка. А если серьезно, пишем в /etc/pf.conf block in quick from any os nmap to any и вот что получаем: # ./nmap -sS -O 192.168.110.4 Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2006-11-16 18:47 MSK Warning: OS detection will be MUCH less reliable because we did not find at least 1 open and 1 closed TCP port All 1680 scanned ports on 192.168.110.4 are filtered MAC Address: 00:0C:29:4A:A5:1F (VMware) Device type: general purpose Running: Maxim-IC TiniOS, Novell NetWare 3.X\|4.X\|5.X\|6.X Too many fingerprints match this host to give specific OS details Nmap finished: 1 IP address (1 host up) scanned in 88.151 seconds

Ваше сообщение

Имя*:

EMail:

Для отправки ответов на email укажите знак ! перед адресом, например, [email protected] (!! - не показывать email).
Более тонкая настройка отправки ответов производится в профиле зарегистрированного участника форума.

Заголовок*:

Сообщение*:

При общении не допускается: неуважительное отношение к собеседнику, хамство, унизительное обращение, ненормативная лексика, переход на личности, агрессивное поведение, обесценивание собеседника, провоцирование флейма голословными и заведомо ложными заявлениями. Не отвечайте на сообщения, явно нарушающие правила - удаляются не только сами нарушения, но и все ответы на них. Лог модерирования.

Партнёры:

Хостинг:

Закладки на сайте
Проследить за страницей

Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру