First page Back Continue Last page Summary Graphics

Scans to Determine OS Type

Telnet login banner
Malformed broadcast addresses
TCP/IP stack analysis (stealth scans)

Notes:

examples
UDP to syslog port 514 can crash a Cisco router
fragmented IGMP can hang Windows
spoofed ICMP 9 and 10 can get a Windows DHCP client to accept a different router
spoofed ICMP parameter problem message can hang a Gauntlet firewall
buffer overflow in Linux mountd allowed root access
Every few months (it seems) CERT publishes an advisory that current wu-ftpd has a vulnerability allowing for root access

Scans to Determine OS Type

Telnet login banner

Malformed broadcast addresses

TCP/IP stack analysis (stealth scans)

Notes: