[opensuse] IP address & OS
From an IP address, can I tell what OS is running ? Case in point, AT&T DNS server IP addresses - do they have a virus ? Thanks, Duaine -- Duaine Hechler Piano, Player Piano, Pump Organ Tuning, Servicing & Rebuilding Reed Organ Society Member Florissant, MO 63034 (314) 838-5587 dahechler@att.net www.hechlerpianoandorgan.com -- Home & Business user of Linux - 11 years -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Duaine Hechler
From an IP address, can I tell what OS is running ?
As root:
,----
| nmap -O
On 08/23/2011 05:26 PM, Duaine Hechler wrote:
From an IP address, can I tell what OS is running ?
Case in point, AT&T DNS server IP addresses - do they have a virus ?
Thanks, Duaine
You can't tell from the value of the IP address itself, but you can attempt OS detection by running nmap -O IP.ad.dr.ess as root in a terminal window. That, however, won't tell you anything about whether they have a virus. Jim -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 08/23/2011 07:54 PM, Jim Cunning wrote:
On 08/23/2011 05:26 PM, Duaine Hechler wrote:
From an IP address, can I tell what OS is running ?
Case in point, AT&T DNS server IP addresses - do they have a virus ?
Thanks, Duaine
You can't tell from the value of the IP address itself, but you can attempt OS detection by running
nmap -O IP.ad.dr.ess
as root in a terminal window. That, however, won't tell you anything about whether they have a virus.
Jim
So, is this windows or unix/linux ? linux-z6iz:/home/dahechler # nmap -O 68.94.156.1 Starting Nmap 5.00 ( http://nmap.org ) at 2011-08-23 20:11 CDT Interesting ports on dnsr1.sbcglobal.net (68.94.156.1): Not shown: 999 filtered ports PORT STATE SERVICE 53/tcp open domain Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port Device type: switch *Running: HP embedded OS details: HP 4000M ProCurve switch (J4121A)* OS detection performed. Please report any incorrect results at http://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 17.95 seconds -- Duaine Hechler Piano, Player Piano, Pump Organ Tuning, Servicing& Rebuilding Reed Organ Society Member Florissant, MO 63034 (314) 838-5587 dahechler@att.net www.hechlerpianoandorgan.com -- Home& Business user of Linux - 11 years -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Tue, 2011-08-23 at 17:54 -0700, Jim Cunning wrote:
On 08/23/2011 05:26 PM, Duaine Hechler wrote:
From an IP address, can I tell what OS is running ?
Case in point, AT&T DNS server IP addresses - do they have a virus ?
Thanks, Duaine
You can't tell from the value of the IP address itself, but you can attempt OS detection by running
nmap -O IP.ad.dr.ess
Furthermore, their firewall might change the behaviour of nmap. strict filtering migh give you none, and ip-forwarding might give you wrong results. hw -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Duaine Hechler wrote:
From an IP address, can I tell what OS is running ?
Case in point, AT&T DNS server IP addresses - do they have a virus ?
Thanks, Duaine
The IP address has absolutely nothing to do with OS. An ISP is assigned a block of addresses, which they in turn hand out to users. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 8/23/2011 8:26 PM, Duaine Hechler wrote:
From an IP address, can I tell what OS is running ?
Maybe if you're lucky. nmap has a database of behavioral signatures it can use to _attempt_ to deduce the running OS/firmware/other-software from various clues, but it's absolutely utter pot luck blind shot in the dark no way to know if anything about the results are actually true. Not only might you get no or inconclusive results, but you can't even really know that a positive ID is true (that really means there is no such thing as a positive ID). Everything that nmap or any other util can observe remotely can be hidden or spoofed or just plain not distinct enough even if no hiding or spoofing is going on.
Case in point, AT&T DNS server IP addresses - do they have a virus ?
Might as well ask what color paint is on the front. -- bkw -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 08/24/2011 12:19 PM, Brian K. White wrote:
On 8/23/2011 8:26 PM, Duaine Hechler wrote:
<snip>
Case in point, AT&T DNS server IP addresses - do they have a virus ?
Might as well ask what color paint is on the front.
Quickie update: BTW, this took - 5 - tries with - 5 - sets of transfers within customer service...... I *finally* got a hold of a rep that would listen to me and *not* keep trying to tell me it's my browser or that I'm running Linux and we finally figured out that it was the old ".com.net" problem associated with iwsearch.net. Meaning, if somehow ".net" gets appended to ".com" then the iwsearch.net pops up. However, as I added to him, it still didn't explain why that if I hit refresh in the browser, sometimes I would get the page back and other times I would get iwsearch.net http://www.grok2.com/blog/2010/06/24/my-firefox-browser-inexplicably-sends-m... After us talking for a while, I mentioned that this only showed up about a week ago and that around a year or so ago, somehow got fixed (on their side). He - said - that - he was going to look into it (I won't hold my breath), in the mean time, he said to get a blocker addon and use it to block the site. P.S. I'm sure most of you are like me, when they try to tell me it's *my* problem because I'm running *Linux*, I really get irate. I even had one guy that kept asking if Linux was closest to WinXP or Win7 - Dumb Ass. I'M STILL NOT GOING BACK TO WINDOWS Duaine -- Duaine Hechler Piano, Player Piano, Pump Organ Tuning, Servicing& Rebuilding Reed Organ Society Member Florissant, MO 63034 (314) 838-5587 dahechler@att.net www.hechlerpianoandorgan.com -- Home& Business user of Linux - 11 years -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
participants (6)
-
Brian K. White
-
Charles Philip Chan
-
Duaine Hechler
-
Hans Witvliet
-
James Knott
-
Jim Cunning