
Re: VMWare

Subject: Re: VMWare
Date: Thu, 21 Dec 2006 12:12:05 +0100
Nitin,

> While scanning networks how good is nessus in identifying VMWare
> running machines?
There seems to be no plugin doing that (although it seems to be a good idea to me). But as long as the MAC addresses within the VMware are not changed, you can identify those systems by having a look at the vendor part of the MAC. I would just do a quick nmap scan to resolve that.


 [root@26 ~]# nmap -sS -O mysystem.mynetwork.local
 Starting Nmap 4.20 ( http://insecure.org ) at 2006-12-21 12:06 CET
 Interesting ports on mysystem.mynetwork.local:
 Not shown: 1696 filtered ports
 PORT      STATE  SERVICE
 22/tcp    open   ssh
 MAC Address: 00:0C:29:74:34:44 (VMware)


> Does nessus scan and report OS and Applications on VMWare
> successfully?

Mandriva Linux 10.2 on VMware-Server

 Security Note found (general/tcp)
 Plugin-ID      11936
 Description    Nessus was not able to reliably identify the remote
                operating system. It might be:
                 IBM OS/400
                 Linux Kernel 2.4
                 SCO UnixWare 8.0

Mandriva Linux 10.2 on "real" device (same patchlevel as vmware installation)

 Security Note found (general/tcp)
 Plugin-ID      11936
 Description    The remote host is running Linux Kernel
                 2.6.12-27mdk-i686-up-4GB (i386)

It seems like the behaviour for fingerprinting the OS changes (Layer 2(?), 3 and 4) when using VMware. This does not affect any application, for the fingerprinting mechanisms can only be based on the behaviour of the applications themselves (Layer 5-7).
This makes it a principle-driven problem, so every OS detection I know will fail. E.g. nmap


Mandriva Linux 10.2 on VMware-Server
  Device type: general purpose|printer|WAP|specialized|storage-misc
  Running (JUST GUESSING) : Linux 2.6.X|2.4.X (92%), Xerox embedded
  (88%), etc etc etc

Mandriva Linux 10.2 on "real" device (same patchlevel as vmware installation)
Device type: general purpose
Running: Linux 2.6.X
OS details: Linux 2.6.9 - 2.6.12 (x86)


Cheers,

Toby

Shingari, Nitin V. wrote:
Hi folks,

While scanning networks how good is nessus in identifying VMWare running machines?

Does nessus scan and report OS and Applications on VMWare successfully?

Warm Regards

Nitin Shingari

nvshingari@ipolicynetworks.com


------------------------------------------------------------------------

_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
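
The MAC-vendor check described in the reply above, as an added example that is not part of the original thread: it parses nmap's normal output and flags hosts whose MAC carries a VMware OUI. The function name and sample hosts are hypothetical, the sample text is constructed around the scan shown in the post, and the three OUIs other than 00:0C:29 come from the public IEEE registry rather than from the thread.

```python
import re

# OUI prefixes registered to VMware. 00:0C:29 is the one shown in the post;
# the other three are added here from the public IEEE OUI registry.
VMWARE_OUIS = {"00:0C:29", "00:50:56", "00:05:69", "00:1C:14"}

# Host header lines: "Interesting ports on X:" (nmap 4.x) or "Nmap scan report for X" (later versions)
HOST_RE = re.compile(r"^\s*(?:Interesting ports on|Nmap scan report for)\s+(.+?):?\s*$")
MAC_RE = re.compile(r"^\s*MAC Address:\s+((?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})")

# Constructed sample: the first host is the one from the post, the others are made up.
SAMPLE = """\
Interesting ports on mysystem.mynetwork.local:
22/tcp    open   ssh
MAC Address: 00:0C:29:74:34:44 (VMware)

Interesting ports on fileserver.mynetwork.local:
445/tcp   open   microsoft-ds
MAC Address: 02:00:00:AA:BB:CC (Unknown)

Interesting ports on routed-host.example.net:
80/tcp    open   http
"""

def classify_hosts(nmap_text):
    """Return {host: (mac_or_None, verdict)} for every host block in the output."""
    results, host = {}, None
    for line in nmap_text.splitlines():
        m = HOST_RE.match(line)
        if m:
            host = m.group(1)
            # nmap prints a MAC only for targets on the scanner's own Ethernet
            # segment, so a routed host stays "no-mac" and cannot be judged.
            results[host] = (None, "no-mac")
            continue
        m = MAC_RE.match(line)
        if m and host is not None:
            mac = m.group(1).upper()
            # "other-oui" is not proof of physical hardware: as the post notes,
            # the MAC inside a VM can be changed.
            verdict = "vmware-oui" if mac[:8] in VMWARE_OUIS else "other-oui"
            results[host] = (mac, verdict)
    return results

if __name__ == "__main__":
    for host, (mac, verdict) in classify_hosts(SAMPLE).items():
        print(f"{host:32} {mac or '-':18} {verdict}")
```
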