Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Nessus-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: VMWare

from [jfvanmeter] Network Security [Permanent Link]
Subject: Re: VMWare
Date: Thu, 21 Dec 2006 11:32:16 +0000 
I think an NMAP scan show if a nic is a vmware nic.  I seam to remember either 
Nessus or NMAP showing it the last time I ran a scan on a subnet that had 
VMWare running.

Take Care --John

 -------------- Original message ----------------------
From: Tobias Glemser <tglemser@tele-consulting.com>

Nitin,

 > While scanning networks how good is nessus in identifying VMWare
 > running machines?
There seems to be no plugin doing that (altough it seems to be a good 
idea to me). But as long as the MAC Adresses within the VMware are not 
changed, you can identify those systems by having a look at the vendor 
part of the MAC. I would just do a quick nmap scan to resolve that.

  [root@26 ~]# nmap -sS -O mysystem.mynetwork.local
  Starting Nmap 4.20 ( http://insecure.org ) at 2006-12-21 12:06 CET
  Interesting ports on mysystem.mynetwork.local:
  Not shown: 1696 filtered ports
  PORT      STATE  SERVICE
  22/tcp    open   ssh
  MAC Address: 00:0C:29:74:34:44 (VMware)


 > Does nesssus scan and report OS and Applications on VMWare
 > successfully?
Mandriva Linux 10.2 on VMware-Server

  Security Note found (general/tcp)
  Plugin-ID   11936
  Description Nessus was not able to reliably identify the remote
                 operating system. It might be:
                  IBM OS/400
                  Linux Kernel 2.4
                  SCO UnixWare 8.0

Mandriva Linux 10.2 on "real" device (same patchlevel as vmware 
installation)

  Security Note found (general/tcp)
  Plugin-ID   11936
  Description The remote host is running Linux Kernel
                  2.6.12-27mdk-i686-up-4GB (i386)

It seems like the beaviour for fingerpriting the OS changes (Layer 2(?), 
3 and 4) when using VMware. This does not affect any application, for 
the fingerprinting mechanisms can only base on the beaviour of the 
applications themselves (Layer 5-7).
This makes it a princible driven problem, so every OS detection I know 
will fail. E.g. nmap

Mandriva Linux 10.2 on VMware-Server
   Device type: general purpose|printer|WAP|specialized|storage-misc
   Running (JUST GUESSING) : Linux 2.6.X|2.4.X (92%), Xerox embedded
   (88%), etc etc etc

Mandriva Linux 10.2 on "real" device (same patchlevel as vmware 
installation)
   Device type: general purpose
   Running: Linux 2.6.X
   OS details: Linux 2.6.9 - 2.6.12 (x86)

Cheers,

Toby

Shingari, Nitin V. schrieb:

Hi folks,

 

While scanning networks how good is nessus in identifying VMWare running 
machines?

Does nesssus scan and report OS and Applications on VMWare successfully?

 

Warm Regards

Nitin Shingari

nvshingari@ipolicynetworks.com


------------------------------------------------------------------------

_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus

_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus


_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: VMWare, Tobias Glemser
Next by Date:  Re: VMWare, Nicolas Pouvesle
Previous by Thread:  Re: VMWare, Ron Gula
Next by Thread:  nessuswx and hp-ux local scans, Todd Whitcher
Indexes:  [Date] [Thread] [Top] [All Lists]