On Mon, Feb 15, 1999 at 09:38:56PM -0600, Chris McCraw wrote:
| i use queso to try to determine what OS folks are running that are messing
| with my network; can anyone recommend network ports that might be listening
| on windows? i generally use telnet (23) and/or ssh (22) to probe on
| unix boxen, but don't know what "generally listening" ports windows has.
| (netbios? what port number does that sit on?)
139 is the port you're looking for.
Other things you might look for include ...
- 80/WWW. Do an invalid request, look for a M$ server -
HTTP/1.1 400 Bad Request
Server: Microsoft-IIS/4.0
- 113/ident. Many IRC clients will do identd for you, so they can
get on IRC servers that require it.
The easiest way to determine the `fake' identds is to make a bogus
request, and see if it still gives a username, probably the same one
it gives for a valid request (i.e. all requests give the same user
name, no matter what.)
- 25/smtp. Look for a M$ specific mail client.
220-mail1.austin.rr.com Microsoft SMTP MAIL ready at Tue, 16 Feb 1999 01:56:52
-0600 Version: 5.5.1875.185.18
- 20/ftp. Look for a M$ specific client, such as Exceed.
- 23/telnet. ditto.
You get the idea.
However, most user Windows boxes will only be listening on port 139,
as far as I know. So if you find a box that's only listening on port
139, it's probably Windows. If it's not listening on any ports, it's
probably Windows. If it's listening on smtp/telnet/ftp, it's probably
either Unix or a Windows server box (most don't listen for telnet,
however, but a few do.)
--
Doug McLaren, [EMAIL PROTECTED]
---------------------------------------------------------------------------
Send administrative requests to [EMAIL PROTECTED]
