Date:      Wed, 18 Nov 1998 16:06:16 +1030
From:      Greg Lehey <grog@lemis.com>
To:        Johann Visagie <wjv@cityip.co.za>, chat@FreeBSD.ORG
Subject:   What's that machine? (was: Interesting: Microsoft tried to move Hotmail to NT and failed.)
Message-ID:  <19981118160616.D440@freebie.lemis.com>
In-Reply-To: <19981111103720.A3963@cityip.co.za>; from Johann Visagie on Wed, Nov 11, 1998 at 10:37:20AM +0200
References:  <3647B9E7.BCC59A27@airnet.net> <Pine.SOL.3.96.981109231141.8762A-100000@bachue.usc.unal.edu.co> <19981110155600.B499@freebie.lemis.com> <19981110095540.A1100@cityip.co.za> <19981111103444.N18183@freebie.lemis.com> <19981111103720.A3963@cityip.co.za>

On Wednesday, 11 November 1998 at 10:37:20 +0200, Johann Visagie wrote:
> On Wed, 11 Nov 1998 at 10:34 SAST, Greg Lehey wrote:
>> On Tuesday, 10 November 1998 at  9:55:40 +0200, Johann Visagie wrote:
>>>
>>> Now the question, _how_ do they do it?  They correctly identify my Web server
>>> as running FreeBSD, and yet I didn't see any connections or attempted
>>> connections, except for the expected "HEAD / HTTP/1.0" query to the httpd.
>>
>> Right.  I saw this, too.  They *don't* identify the operating system
>> for my web server.
>>
>>> Let me dig deeper...
>>
>> Please do, and publish your results.
>
> My digging led me directly to "queso" (in the ports, category "net").  (I
> _had_ heard of queso before, but its name escaped me when I made my posting
> yesterday.)
>
> The outline of queso's methodology is succinctly described on its home page
> at:  http://www.apostols.org/projectz/queso/
>
> Reading the above page, one can at least form a very clear picture as to how
> the OS identification process works.  However, there are a number of queso
> gateways on the Web (such as the one at http://mailsearch.particle.net/), and
> these seem to indicate that queso _can't_ identify the very same server that
> Netcraft did as running FreeBSD.
>
> Errr...  gosh.  As I was typing the above I tried the gateway at
> mailsearch.particle.net again, and whereas yesterday it said the machine ran
> an unidentified OS, today it identifies it as "FreeBSD, NetBSD or OpenBSD".

Interesting stuff.  I've tried this out, and found the following about
the root name servers:

a.root-servers.net   198.41.0.4:53      * MacOS-8 (or unusual Solaris)
b.root-servers.net   128.9.0.107:53     * Solaris 2.x
c.root-servers.net   192.33.4.12:53     * Solaris 2.x
d.root-servers.net   128.8.10.90:53     * FreeBSD, NetBSD, OpenBSD
e.root-servers.net   192.203.230.10:53  *- Unknown OS, pleez update /usr/local/etc/queso.conf
f.root-servers.net   192.5.5.241:53     * Berkeley: usually Digital Unix, OSF/1 V3.0, HP-UX 10.x
g.root-servers.net   192.112.36.4:53    *- Unknown OS, pleez update /usr/local/etc/queso.conf
h.root-servers.net   128.63.2.53:53     * MacOS-8 (or unusual Solaris)
i.root-servers.net   192.36.148.17:53   * NetBSD 1.3.x
j.root-servers.net   198.41.0.10:53     * MacOS-8 (or unusual Solaris)
k.root-servers.net   193.0.14.129:53    * BSDi or IRIX
l.root-servers.net   198.32.64.12:53    * Berkeley: usually SunOS 4.x, NexT, Annex
m.root-servers.net   202.12.27.33:53    *- Firewall drops SYN pakets.

I'd guess that all the MacOS 8s are really unusual Solarises.  That
still makes all the identifiable servers UNIX, and 5 out of 10 are
BSD.  No sign of Linux anywhere.

Also, our local name servers seem to be FreeBSD, as they had told me:

ns.telstra.net:53    203.50.0.137:53 * FreeBSD, NetBSD, OpenBSD  
ns1.telstra.net:53   139.130.4.5:53  * FreeBSD, NetBSD, OpenBSD  

I also tried it on the relay hosts I found in my maillog files.
Here's the script if you want to try it:

   grep relay /var/log/maillog|sed 's:^.*relay=::; s/\.*,* .*$//; s/\(.*\)/echo -n "\1   "; queso \1:25/'|sort|uniq|sh

There's a bit of junk in there, and the results definitely relate to
the fact that I'm involved in the FreeBSD project, but I still find it
interesting:

MLIST-1.SP.CS.CMU.EDU   128.2.185.162:25    * Berkeley: Digital, HPUX, SunOs4, AIX3, OS/2 WARP-4, others...  
allegro.lemis.com       192.109.197.134:25  * Dead Host, Firewalled Port or Unassigned IP
arena.mediainform.no    193.69.158.68:25    *- Firewalled host/port or network congestion  
awesome-f0.us.dell.com  143.166.12.131:25   * IRIX 6.x  
basil.acr.net.au	203.22.236.98:25    * Solaris 2.x
caladan.tdx.co.uk	195.188.177.4:25    * FreeBSD, NetBSD, OpenBSD  
dragon.krdl.org.sg	137.132.247.20:25   *- Not Listen, try another port
ednet1.orednet.org	159.121.170.2:25    * Berkeley: usually SunOS 4.x, NexT, Annex
extensisnt.extensis.com 198.145.32.6:25     * Windoze 95/98/NT 
freeside.fc.net		207.170.70.2:25     * FreeBSD, NetBSD, OpenBSD  
hub.FreeBSD.ORG		204.216.27.18:25    * FreeBSD, NetBSD, OpenBSD  
krdl.org.sg		137.132.252.27:25   * Solaris 2.x
listserv.islandnet.com  199.175.106.5:25    * Linux 1.3.xx, 2.0.0 to 2.0.34  
mail.connexus.net.au    203.12.22.20:25	    * FreeBSD, NetBSD, OpenBSD  
mail.fc.net		207.170.70.2:25	    * FreeBSD, NetBSD, OpenBSD  
mail.mel.aone.net.au    203.12.176.157:25   * Solaris 2.x
mail.plutotech.com	206.168.67.137:25   * FreeBSD, NetBSD, OpenBSD  
mail.polstra.com	206.213.73.130:25   * FreeBSD, NetBSD, OpenBSD  
mail.smith.net.au	203.38.152.97:25    * FreeBSD, NetBSD, OpenBSD  
mailhub.fokus.gmd.de    193.174.154.14:25   * Solaris 2.x
mass-mx.pmm.mci.net	208.159.126.182:25  *- Unknown OS, pleez update /usr/local/etc/queso.conf
newman.softweyr.com	204.68.178.33:25    * FreeBSD, NetBSD, OpenBSD  
nico.telstra.net	139.130.204.16:25   * Berkeley: usually SunOS 4.x, NexT, Annex
phoenix.aye.net		206.185.8.134:25    * FreeBSD, NetBSD, OpenBSD  
phoenix.welearn.com.au  203.35.200.139:25   * FreeBSD, NetBSD, OpenBSD  
pop.onelist.com		209.207.164.31:25   * Linux 2.0.35 to 2.0.9999 :)
postoffice.telstra.net  139.130.4.7:25      * FreeBSD, NetBSD, OpenBSD  
rodin.krdl.org.sg	137.132.252.27:25   * Solaris 2.x
rtrwan160.accessone.com 206.213.115.74:25   *- Firewalled host/port or network congestion  
rvn-32-6.rs.extensis.com 198.145.32.6:25    * Windoze 95/98/NT 
sarip.sol.net:25	169.207.30.120:25   * FreeBSD, NetBSD, OpenBSD  
suebla.lnk.telstra.net  139.130.44.81:25    * FreeBSD, NetBSD, OpenBSD  
www.onelist.com		209.207.164.157:25  * Linux 2.0.35 to 2.0.9999 :)
x.physics.usyd.edu.au   129.78.129.25:25    * FreeBSD, NetBSD, OpenBSD  
zamboni.mail.digex.net  204.91.99.98:25     *- Unknown OS, pleez update /usr/local/etc/queso.conf

Greg
--
See complete headers for address, home page and phone numbers
finger grog@lemis.com for PGP public key
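
The relay extraction from the script above, as an added example that is not part of the original message: the relay= field is treated as remote-influenced input and checked against hostname syntax before it is used, and each name reaches queso as one quoted argument instead of being written into command text piped to sh. The function names, the sendmail-style log layout and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: pull relay hosts out of sendmail-style maillog lines and
# validate them before use. Names and sample data are constructed.

# Constructed log lines (not taken from the original message).
SAMPLE_LOG='Nov 18 15:01:02 freebie sendmail[411]: PAA00411: to=<a@example.org>, delay=00:00:03, mailer=esmtp, relay=mail.example.org. [192.0.2.10], stat=Sent (OK)
Nov 18 15:01:09 freebie sendmail[412]: PAA00412: from=<b@example.net>, size=912, class=0, relay=mx1.example.net [192.0.2.25]
Nov 18 15:02:11 freebie sendmail[413]: PAA00413: to=<a@example.org>, delay=00:00:01, mailer=esmtp, relay=mail.example.org. [192.0.2.10], stat=Sent (OK)
Nov 18 15:03:40 freebie sendmail[414]: PAA00414: from=root, size=300, class=0, relay=root@localhost
Nov 18 15:04:05 freebie sendmail[415]: PAA00415: from=<c@example.com>, size=77, class=0, relay=bogus;name [192.0.2.66]'

# Print unique, syntactically valid relay hostnames, one per line.
# Reads the named files, or stdin when called without arguments.
relay_hosts() {
    # 1. Keep only the token after "relay=" and drop trailing dots.
    # 2. Accept dotted hostnames made of letters, digits and hyphens only.
    # 3. De-duplicate.
    LC_ALL=C sed -n '/relay=/{s/^.*relay=\([^ ,]*\).*$/\1/;s/\.*$//;p;}' "$@" |
    LC_ALL=C grep -E '^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?)+$' |
    LC_ALL=C sort -u
}

# Run queso against port 25 of each validated host (host:port form as in the
# script above). The hostname is data in a quoted argument, never shell text.
fingerprint_relays() {
    command -v queso >/dev/null 2>&1 || { echo "queso not found" >&2; return 1; }
    relay_hosts "$@" | while IFS= read -r host; do
        printf '%s   ' "$host"
        queso "$host:25"
    done
}

# Demonstration on the constructed sample: "root@localhost" and "bogus;name"
# fail the hostname check and are dropped.
printf '%s\n' "$SAMPLE_LOG" | relay_hosts
```

Against a real log, `fingerprint_relays /var/log/maillog` replaces the whole pipeline.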
