make my windows box report as a *NIX box

**gore** · November 16th, 2004, 09:03 PM

Windows always has a server running. Shut down RPC and come back too me.

***RoadClosed*** · November 16th, 2004, 09:14 PM

If you bring RPC into the light and it's varation with Java implementaitons which is RMI and add in Open Network Computing Remote Procedure Call from Sun Micro., then we are all SNOCKERED. Attempt at humor.

**White Scorpion** · November 17th, 2004, 07:25 AM

Windows always has a server running. Shut down RPC and come back too me

you got me there, i forgot about that thing.... but still it would make no difference if using a good hardware firewall since it would not let the server / service connect to the outside (if you don't want too).

**spurious_inode** · November 17th, 2004, 08:39 AM

Originally posted here by White Scorpion
yeah ok, but you would still have to be able to monitor the network traffic and examin the packages.

but normally when you have just an ip with no server running (that you know of) and you aren't able to monitor traffic, (especially with an hardware firewall) i doubt it will be so easy. and that is what i was trying to say... of course when you are running a webserver it would be a lot harder to block (maybe even impossible).

Hardware firewalls are overrated. Our guys just spent the past 9 hours un-*****ing the network after a cisco pix HA pair **** the bed and then brought all interfaces online at the same time. Which by the way causes multiple loops in the network, which is illegal on ethernet networks....

Monitor? We are talking about port scanning here aren't we.

Scanning through firewalls is a very basic black hat skill, and anybody who doesn't know how isn't a hacker.

If I can get a MAC address, a couple of DHCP pings, and maybe a couple hundred rejected packets I can make a pretty good guess as to the hardware of the machine, and the OS.

Networking was designed to be predictable, that will always trump cheap (obscurity *)security tricks!

-- spurious

**gore** · November 17th, 2004, 09:37 AM

Heh, a Peer to Peer Network with Windows 2000 could be fun. Well, interesting too say the least if you can make the two machines ping each other at the exact same moment. Should crash.

I posted a trick that will make Windows 2000 Force BSOD with a regedit too do this but I'm to tired right now too look for the link. This has nothing too do with much of anything but it's more interesting than listening too some of this heh.

**White Scorpion** · November 17th, 2004, 12:56 PM

If I can get a MAC address, a couple of DHCP pings, and maybe a couple hundred rejected packets I can make a pretty good guess as to the hardware of the machine, and the OS.

but getting them is the biggest problem...

but like gore already pointed out, this doesn't really answer the question of the original poster anymore, and we can keep up this discussion for several pages, but eventually it will help no one i think

as far as i know (from a defending point of view) you can defend it and make it an attacker as hard as possible, and it seems that from your point of view you believe you could always find a way.

i have to agree with you on some parts, cause i do not believe that there is any system in the world which is unhackable (unless it has absolutely no connection to the outside world), so eventually you could perhaps find something, but i still keep my statement that with a good configuration and a good firewall you can prevent most attackers from determining your OS, of course there are always people who find a way, but luckely those are very rare

i suggest we stop this discussion and leave this thread open to people who CAN help the original poster with his question.

no hard feelings tho

regards

White Scorpion

**secure_lockdown** · November 17th, 2004, 01:30 PM

http://www.specter.com/

will enumerate different OS.

**White Scorpion** · November 17th, 2004, 06:59 PM

Current Version : 7.0
Sales inquiries : [email protected]

SPECTER
SPECTER Initial Package (incl. 1 license) US$ 899.00 Order
SPECTER Additional License US$ 399.00 Order
SPECTER Extension of Upgrade & Support Period (1 year) US$ 99.00 Order

SPECTER Light *
SPECTER Light Initial Package (incl. 1 license) US$ 599.00 Order
SPECTER Light Additional License US$ 269.00 Order
SPECTER Light Extension of Upgrade & Support Period (1 year) US$ 99.00 Order
SPECTER Light Initial Package Upgrade to full version US$ 399.00 Order
SPECTER Light Additional License Upgrade to full version US$ 149.00 Order

a little expensive though.

**gore** · November 18th, 2004, 12:17 AM

Anyone who would use it will either be able too afford it, or they don't pay for software wanyway. Price is never a problem with security tools.

***Tiger Shark*** · November 18th, 2004, 12:29 AM

What's the point....

If the box is secured and updated then the issue is a non-issue....

What the box "reports" is irrelevant..... What it's expolitable by is more important! The worm doesn't give a rats a$$ what the box says it is, if the port is open it will try the exploit..... Regardless of what the box "says" it is the exploit will work if the box isn't secured or patched against it....

Show me a worm that says "Self..... This box says it's a *nix box so my windows 'sploit won't work so I won't try it...."

No. they say... "OK... it responds on port X.... Ok.... fire the code and let's see what happens"

Yawn....

This stuff isn't difficult you know......

I'm starting to wonder why I come here sometimes......

Thread: make my windows box report as a *NIX box

Thread Tools

Display

Posting Permissions