[Moderator: Really neat post here. Going to add a few comments for
everyone :) .. 'repsec' is running 2.0.34 with custom mods. 'caltech' ..
I can see that. I know of several EDUs running old stuff like SunOS,
Ultrix and the like. AOL runs "stratus" machines if I am not mistaken.
I found info on them a while back on their web site (www.stratus.com?)
and might be a neat addition to the database. Elsewise, these are dead on
accurate as best as I know. VERY nice addition to the NMAP utility.]
From: Fyodor <fyodor@dhp.com>
For those who don't know, I am finishing a new version of my Nmap network
exploration tool. This version does remote OS identification via TCP/IP
fingerprinting (kindof like the awesome queso program, although nmap
uses some more advanced techniques). In any case, I did a mass scan of
(mostly) security sites and I thought it might interest the list as well
as shed some light into what operating systems are preferred by security
companies and hackers (I don't claim it is a statisticly valid sample --
I just picked sites off the top of my head):
# "Hacker" sites
www.l0pht.com => OpenBSD 2.2 - 2.4
www.insecure.org => Linux 2.0.31-34
www.rhino9.ml.org => Windows 95/NT # No comment :)
www.technotronic.com => Linux 2.0.31-34
www.2600.com => FreeBSD 2.2.6 - 3.0 Beta
www.kevinmitnick.com => Linux 2.0.31-34 # Free Kevin!
www.antionline.com => FreeBSD 2.2.6 - 3.0 Beta
www.rootshell.com => Linux 2.0.35
# Security vendors, consultants, etc.
www.repsec.com => Linux 2.0.35
www.iss.net => Linux 2.0.31-34
www.checkpoint.com => Solaris 2.5 - 2.51
www.infowar.com => Win95/NT
# Vendor loyalty to their OS
www.li.org => Linux 2.0.35 # Linux International
www.redhat.com => Linux 2.0.31-34 # I wonder what distribution :)
www.debian.org => Linux 2.0.35
www.linux.org => Linux 2.1.122
www.sgi.com => IRIX 6.2 - 6.4
www.netbsd.org => NetBSD 1.3X
www.openbsd.org => Solaris 2.6 # Ahem :)
www.freebsd.org => FreeBSD 2.2.6-3.0 Beta
# Ivy league
www.harvard.edu => Solaris 2.6
www.yale.edu => Solaris 2.5 - 2.51
www.caltech.com => SunOS 4.1.2-4.1.4 # Hello! This is the 90's :)
# Might be a custom machine instead.
www.mit.edu => Solaris 2.5 - 2.51 # Coincidence that the good
# schools all seem to like Sun?
# Lamer sites
www.aol.com => IRIX 6.2 - 6.4 # No wonder they are so insecure :)
www.happyhacker.org => OpenBSD 2.2-2.4 # Sick of being owned, Carolyn?
# Even the most secure OS is
# useless in the hands of an
# incompetent admin.
# Misc
www.lwn.net => Linux 2.0.31-34 # This Linux news site rocks!
www.whitehouse.gov => IRIX 5.3
Notes: In their security white paper, Microsoft said about their lax
security: "this assumption has changed over the years as Windows NT gains
popularity largely because of its security features.". Hmm, from where I
stand it doesn't look like Windows is very popular among the security
community :). I only see 2 Windows boxes from the whole group, and
Windows is _easy_ for nmap to distinguish since it is so broken (standards
wise).
The version of nmap used for this will probably be released within 2
weeks - 2 months. If you really _must_ have the beta now, send me
mail. The released version is at http://www.insecure.org/nmap/ . If
you run any of these boxes and I got the OS wrong, please send me
mail.
Cheers,
Fyodor (fyodor@dhp.com)
--
Fyodor 'finger fyodor@dhp.com | pgp -fka'
"Girls are different from hacking. You can't just brute force them if all
else fails." --SKiMo, quoted in _Underground_ (good book)
-o-
Subscribe: mail majordomo@repsec.com with "subscribe isn".
Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
Received on Mon Oct 19 09:20:09 1998