cowboy me, 2.0: jose nazario beauty and the street


what's the server running?

http://monkey.org/~jose/figs/IMG_3483.jpg

from the san diego automotive museum, a gorgeous lamborghini P538 by bizzarrini, specifically a 1966 model. i love super cars, and i love spyder type cars. what a combination ... from the museum website:
One of only three Bizzarinis ever built with this "spider" body style, this is the one-and-only powered by a Lamborghini V-12 engine. Six two-barrel Weber carburetors feed the 420 horsepower, 4-liter motor, propelling the car to speeds of 170 miles per hour. Bizzarinis are considered by many to be the epitome of Italian styling and performance.


as another piece of demonstration code of libnids for HiTB, this one uses pynids (python bindings for libnids) as its network detection base. what this tool does is watch traffic and report on server strings for HTTP clients and daemons as well as SSH client and server strings and even MUA strings. the output looks sort of like this:

  64.235.234.130:  80:  Apache/1.3.31 (Unix) mod_auth_passthrough/1.8 
       Resin/2.1.10 mod_log_bytes/1.2 mod_bwlimited/1.4 FrontPage/5.0.2.2634a 
       mod_ssl/2.8.19 OpenSSL/0.9.6b
   66.34.143.232:  80:  Apache/1.3.23 (Unix) PHP/4.0.6 FrontPage/4.0.4.3
    216.168.3.20:  80:  Apache/1.3.31 (Unix) AxKit/1.61 DAV/1.0.3 mod_perl/1.29
       mod_ssl/2.8.19 OpenSSL/0.9.7d
  213.86.246.154:  80:  DCLK-AdSvr
    216.39.69.70:  80:  Microsoft-IIS/5.0
    206.16.0.178:  80:  Apache
 212.187.242.215:  80:  Apache/1.3.27 (Unix) PHP/4.3.1
    65.216.78.68:  80:  Microsoft-IIS/5.0
 216.239.115.143:  80:  Apache/2.0
 212.187.242.207:  80:  Apache/1.3.26 (Unix)
     192.168.3.4: ssh:  SSH-2.0-OpenSSH_3.6p1
 johndoe@foo.com:smtp:  Microsoft Outlook 6.1.00010
version detect detects HTTP client and server version strings, SSH client and server version strings, and even MUA client version strings.

it's put together quite simply, and should be extensible to detect other clients and servers that send their version info in plain text. why is this useful? you can now passively inventory your network and identify things that need to be upgraded. it's also useful for detecting various apache modules that may be useful to know about, e.g. mod_bwlimited. it's BSD licensed, so you can use it in a network inventory system when you couple it with a database and a web-based front end, for queries like "show me all Microsoft mail clients".
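a sketch of the extraction step described above, as an added example (not the original tool's code): it runs over constructed half-stream payloads instead of a live pynids callback. the function names, the port table and keying mail entries by the From: address are assumptions made for illustration.

```python
import re

PORTS = {80: "http", 22: "ssh", 25: "smtp"}
# (service, side that sent the data) -> header carrying the version string
VERSION_HEADER = {("http", "server"): b"server", ("http", "client"): b"user-agent",
                  ("smtp", "client"): b"x-mailer"}

def parse_headers(payload):
    """'Name: value' lines before the first blank line, names lowercased."""
    found = {}
    for line in payload.split(b"\r\n\r\n", 1)[0].split(b"\r\n"):
        name, sep, value = line.partition(b":")
        if sep and name and b" " not in name:  # skips request/status/SMTP command lines
            found.setdefault(name.lower(), value.strip())
    return found

def clean(raw, limit=200):
    """Banners are remote-controlled input: replace control bytes, cap the length."""
    return re.sub(r"[^\x20-\x7e]", "?", raw.decode("latin-1"))[:limit]

def detect(addr, port, side, payload):
    """Return one report line for a half-stream, or None if nothing was found."""
    service = PORTS.get(port)
    who, label, version = addr, service, None
    if service == "ssh":
        # RFC 4253 lets a server send other lines before its SSH- banner.
        version = next((l for l in payload.splitlines() if l.startswith(b"SSH-")), None)
    elif (service, side) in VERSION_HEADER:
        hdrs = parse_headers(payload)
        version = hdrs.get(VERSION_HEADER[(service, side)])
        if service == "http":
            label = str(port)
        else:  # assumption: mail entries are keyed by the From: address
            m = re.search(rb"[\w.+-]+@[\w.-]+", hdrs.get(b"from", b""))
            who = m.group().decode("ascii") if m else addr
    return "%16s:%4s:  %s" % (who, label, clean(version)) if version else None

# constructed half-streams (documentation addresses), standing in for the
# reassembled data a pynids TCP callback would deliver
SAMPLES = [
    ("192.0.2.10", 80, "server", b"HTTP/1.1 200 OK\r\nServer: Apache/1.3.27 (Unix) PHP/4.3.1\r\n\r\n<html>"),
    ("192.0.2.22", 22, "server", b"SSH-2.0-OpenSSH_3.6p1\r\n"),
    ("198.51.100.7", 25, "client", b"EHLO pc\r\nMAIL FROM:<johndoe@example.com>\r\nDATA\r\n"
     b"From: John Doe <johndoe@example.com>\r\nX-Mailer: Microsoft Outlook 6.1\r\n\r\nhi\r\n"),
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(detect(*sample))
```

the clean() step matters once these strings land in a terminal, a database or a web front end, since whatever is on the other end of the connection chooses the bytes.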

this evening i fly to malaysia to attend/speak at hack in the box. i'll post when i can, so be on the lookout for new and exciting images.


Last modified: Saturday, Oct 02, 2004 @ 06:53am

copyright © 2002-2005 jose nazario, all rights reserved.