Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Nessus-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: OS Identification (Plugin 11936)

from [Ray Van Dolson] Network Security [Permanent Link]
Subject: Re: OS Identification (Plugin 11936)
Date: Thu, 31 Jul 2008 12:12:54 -0700 
On Fri, Jul 18, 2008 at 08:15:22AM -0700, Ray Van Dolson wrote:

Hi all, per this blog:

  http://blog.tenablesecurity.com/nessus/page/3/ (search down the page
    for 11936)

The listed plugins are used to determine the identify of the OS on the
target host.  I don't see output of telnet listed there -- would this
be ignored as a factor in determining the OS?  In other words:

$ telnet hostname
Trying 10.27.52.76...
Connected to hostname.
Escape character is '^]'.
Red Hat Enterprise Linux Server release 5.2 (Tikanga)
Kernel 2.6.18-92.1.6.el5 on an x86_64
login:
telnet> quit

It seems that this could be used with a high degree of confidence in
determining that this machine is a RHEL 5.2 machine :)  Instead, with
the above host and 11936 enabled, I get only a 30% chance that the
machine is running the "Linux kernel".

Anyone know on the telnet thing?


I've modified the os_fingerprint_telnet.nasl plugin to do Linux
detection based on the telnet banner.

What's the best way to get my changes submitted to Tenable for
inclusion in future releases of this plugin?

Guess I'll start by opening a ticket, but maybe someone here can point
me in the right direction.

Ray
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  WMI Based Audit Policies for Nessus, Ron Gula
Next by Date:  Re: OS Identification (Plugin 11936), Ron Gula
Previous by Thread:  OS Identification (Plugin 11936), Ray Van Dolson
Next by Thread:  Re: OS Identification (Plugin 11936), Ron Gula
Indexes:  [Date] [Thread] [Top] [All Lists]