Re: Re[2]: "portscans" (was Re: Arbor Networks DoS defense product)
On 07:50 AM 5/19/02, Ralph Doncaster wrote:
RD> I often like to know if a particular web server is running Unix or RD> Winblows. A port scanner is a useful tool in making that
determination.
[allan@ns1 phpdig]$ telnet www.istop.com 80 Trying 216.187.106.194... Connected to dci.doncaster.on.ca (216.187.106.194). Escape character is '^]'. HEAD / HTTP/1.0
HTTP/1.1 200 OK Date: Sun, 19 May 2002 01:47:57 GMT Server: Apache/1.3.22 (Unix) FrontPage/4.0.4.3 PHP/4.1.2 mod_fastcgi/2.2.8
Sure, it works on some servers, but try it on yahoo.com, cnn.com, ...
<http://uptime.netcraft.com/up/graph/?mode_u=off&mode_w=on&site=www.cnn.com> Works for me, works from any system that has a browser. At any given time I'm *far* more likely to have a browser running than port scanning software, so this solution is also IMHO faster. jc
<http://uptime.netcraft.com/up/graph/?mode_u=off&mode_w=on&site=www.cnn.com>
Works for me, works from any system that has a browser. At any given time I'm *far* more likely to have a browser running than port scanning software, so this solution is also IMHO faster.
Until today netcraft listed agamemnon.cnchost.com as unknown. I ran nmap to see what it says, so I guess you should assume I'm hostile. ;-) Interesting ports on agamemnon.cnchost.com (207.155.252.31): (The 1519 ports scanned but not shown below are in state: closed) Port State Service 21/tcp open ftp 25/tcp open smtp 80/tcp open http 110/tcp open pop-3 TCP Sequence Prediction: Class=truly random Difficulty=9999999 (Good luck!) No OS matches for host (If you know what OS is running on it, see http://www.insecure.org/cgi-bin/nmap-submit.cgi). TCP/IP fingerprint: TSeq(Class=TR) T1(Resp=Y%DF=Y%W=6045%ACK=S++%Flags=AS%Ops=NWM) T2(Resp=N) T3(Resp=N) T4(Resp=Y%DF=Y%W=0%ACK=O%Flags=R%Ops=) T5(Resp=Y%DF=Y%W=0%ACK=S++%Flags=AR%Ops=) T6(Resp=Y%DF=Y%W=0%ACK=O%Flags=R%Ops=) T7(Resp=Y%DF=Y%W=0%ACK=S++%Flags=AR%Ops=) PU(Resp=N)
participants (2)
-
JC Dill -
Ralph Doncaster