SECGRAD
asked on
OS Fingerprinting/Identification for Windows XP Workstations
Is there a way (or program) to successfully identify OS workstations on the network? I use nmap -O to scan the network but most of the network stations have sp2 w/ firewall enabled and nmap cannot determine the OS Fingerprint. Also, I need to save the output to a database (or file) so there has to be some sort of exporting in the program that you recommend.
Thanks!
Thanks!
Is this nework a domain?
What information specifically are you looking for from the systems?
It is possible to write special scripts to return results. This requires creativity and a little know how.
It is possible to write special scripts to return results. This requires creativity and a little know how.
ASKER
Good suggestions but writing scripts would be to much work. I scan multiple subnets within my organization and need to do OS Fingerprint on workstations with firewalls installed. I do not need to identify if they are vunlnerable just the identifications of the station, their IP. NMap is a good tool but doesn't do anything when a user is running a firewall.
Scootter, MBSA did not work for us. We're not running a Windows Domain and but do use LDAP for certain authenticaiton schemess. I just ran the software and tested it on the network. It did not detect OS.
Anyone have any suggestions on how to detect devices on the network even if they have a software firewall????
Scootter, MBSA did not work for us. We're not running a Windows Domain and but do use LDAP for certain authenticaiton schemess. I just ran the software and tested it on the network. It did not detect OS.
Anyone have any suggestions on how to detect devices on the network even if they have a software firewall????
We i was in a similar situation in a previous job and was able to construct a script to do the following:
1) Insert a scheduled task on a list of machines obtained from computer brower list from a server
2) The inserted task is nothing more than a batch file with the following command IPCONFIG /ALL >> \\server\share\%computerna me%.txt
It was actually pretty easy but the first script was written in VB and i'm way to rusty now.
1) Insert a scheduled task on a list of machines obtained from computer brower list from a server
2) The inserted task is nothing more than a batch file with the following command IPCONFIG /ALL >> \\server\share\%computerna
It was actually pretty easy but the first script was written in VB and i'm way to rusty now.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
If you are running a Windows Domain and all systems are MS, you could try using MS Baseline Analyzer to check out your systems - it'll use most of the standard MS ports to communicate and assess the patch levels of your desktop systems... Take a look here --> http://www.microsoft.com/technet/security/tools/mbsa2/default.mspx
If you really want to use NMap, you could also use your Domain Security Policy to disable the firewall on all your domain systems (not recommended), then run your scans. You can re-enable the firewall later, but could possibly lose any custom configs on the workstations... and you could also take it in the shorts if you've got any trojans/worms lurking on your network...
Good Luck,
Scooter