Re: Win95 detection
From: miguel.dilaj () pharma novartis com
Date: Tue, 7 Dec 2004 17:40:52 +0000
I know the feeling. Sometimes nmap is not able to differentiate between
Win9x/ME platforms (some time ago I read that someone, probably Fyodor, said
that the reason is that they all have exactly the same TCP/IP stack).
From my experience with OS detection tools, I remember one named queso,
created by the Spanish group Apostolz or something like that.
It was not very good, sometimes it gave totally wrong information, saying
that a box was UNIX when it was Windows, but on the other hand when it
HIT, it was far more accurate than nmap.
That said, try to get hold of queso: use nmap first to identify the
Win9x/ME boxes, then run queso against them. If queso says it's Novell,
forget about that, but if it says Win95 instead of 98 or ME, probably it's
Miguel Dilaj (Nekromancer)
Vice-President of IT Security Research, OISSG
PS: extract from
http://www.opal.dhs.org/docs/remote-analysis/work/os-detection.html :
"QueSO is quite hard to find. The upstream home page does not respond and
the project seems abandoned. Anyway it performs well and is available in
Debian (with the release from 1998) so it is usable.". Hope this info
"Samuel Petreski" <petreski () ksu edu>
Please respond to petreski
To: <security-basics () securityfocus com>
cc: (bcc: Miguel Dilaj/PH/Novartis)
Subject: Win95 detection
I have been given the task to scan for hosts that are running Windows 95 on
the network. I have tried scanning with Nmap and Nessus, however they
distinguish the hosts between 95/98/ME. I was wondering if anyone has run
across a tool that is able to detect Win95 hosts on the network.
Thanks for your help.