Date: Wed, 18 Nov 1998 16:06:16 +1030
From: Greg Lehey
To: Johann Visagie, chat@FreeBSD.ORG
Subject: What's that machine? (was: Interesting: Microsoft tried to move Hotmail to NT and failed.)
Message-ID: <19981118160616.D440@freebie.lemis.com>
In-Reply-To: <19981111103720.A3963@cityip.co.za>; from Johann Visagie on Wed, Nov 11, 1998 at 10:37:20AM +0200
WWW-Home-Page: http://www.lemis.com/~grog
Organization: LEMIS, PO Box 460, Echunga SA 5153, Australia

On Wednesday, 11 November 1998 at 10:37:20 +0200, Johann Visagie wrote:
> On Wed, 11 Nov 1998 at 10:34 SAST, Greg Lehey wrote:
>> On Tuesday, 10 November 1998 at 9:55:40 +0200, Johann Visagie wrote:
>>>
>>> Now the question, _how_ do they do it? They correctly identify my Web server
>>> as running FreeBSD, and yet I didn't see any connections or attempted
>>> connections, except for the expected "HEAD / HTTP/1.0" query to the httpd.
>>
>> Right. I saw this, too. They *don't* identify the operating system
>> for my web server.
>>
>>> Let me dig deeper...
>>
>> Please do, and publish your results.
>
> My digging led me directly to "queso" (in the ports, category "net"). (I
> _had_ heard of queso before, but its name escaped me when I made my posting
> yesterday.)
>
> The outline of queso's methodology is succinctly described on its home page
> at: http://www.apostols.org/projectz/queso/
>
> Reading the above page, one can at least form a very clear picture as to how
> the OS identification process works. However, there are a number of queso
> gateways on the Web (such as the one at http://mailsearch.particle.net/), and
> these seem to indicate that queso _can't_ identify the very same server that
> Netcraft did as running FreeBSD.
>
> Errr... gosh. As I was typing the above I tried the gateway at
> mailsearch.particle.net again, and whereas yesterday it said the machine ran
> an unidentified OS, today it identifies it as "FreeBSD, NetBSD or OpenBSD".

Interesting stuff.
I've tried this out, and found the following about the root name
servers:

a.root-servers.net 198.41.0.4:53 * MacOS-8 (or unusual Solaris)
b.root-servers.net 128.9.0.107:53 * Solaris 2.x
c.root-servers.net 192.33.4.12:53 * Solaris 2.x
d.root-servers.net 128.8.10.90:53 * FreeBSD, NetBSD, OpenBSD
e.root-servers.net 192.203.230.10:53 *- Unknown OS, pleez update /usr/local/etc/queso.conf
f.root-servers.net 192.5.5.241:53 * Berkeley: usually Digital Unix, OSF/1 V3.0, HP-UX 10.x
g.root-servers.net 192.112.36.4:53 *- Unknown OS, pleez update /usr/local/etc/queso.conf
h.root-servers.net 128.63.2.53:53 * MacOS-8 (or unusual Solaris)
i.root-servers.net 192.36.148.17:53 * NetBSD 1.3.x
j.root-servers.net 198.41.0.10:53 * MacOS-8 (or unusual Solaris)
k.root-servers.net 193.0.14.129:53 * BSDi or IRIX
l.root-servers.net 198.32.64.12:53 * Berkeley: usually SunOS 4.x, NexT, Annex
m.root-servers.net 202.12.27.33:53 *- Firewall drops SYN pakets.

I'd guess that all the MacOS 8s are really unusual Solarises. That
still makes all the identifiable servers UNIX, and 5 out of 10 are
BSD. No sign of Linux anywhere.

Also, our local name servers seem to be FreeBSD, as they had told me:

ns.telstra.net:53 203.50.0.137:53 * FreeBSD, NetBSD, OpenBSD
ns1.telstra.net:53 139.130.4.5:53 * FreeBSD, NetBSD, OpenBSD

I also tried it on the relay hosts I found in my maillog files.
Here's the script if you want to try it:

  grep relay /var/log/maillog|sed 's:^.*relay=::; s/\.*,* .*$//; s/\(.*\)/echo -n "\1 "; queso \1:25/'|sort|uniq|sh

There's a bit of junk in there, and the results definitely relate to
the fact that I'm involved in the FreeBSD project, but I still find it
interesting:

MLIST-1.SP.CS.CMU.EDU 128.2.185.162:25 * Berkeley: Digital, HPUX, SunOs4, AIX3, OS/2 WARP-4, others...
allegro.lemis.com 192.109.197.134:25 * Dead Host, Firewalled Port or Unassigned IP
arena.mediainform.no 193.69.158.68:25 *- Firewalled host/port or network congestion
awesome-f0.us.dell.com 143.166.12.131:25 * IRIX 6.x
basil.acr.net.au 203.22.236.98:25 * Solaris 2.x
caladan.tdx.co.uk 195.188.177.4:25 * FreeBSD, NetBSD, OpenBSD
dragon.krdl.org.sg 137.132.247.20:25 *- Not Listen, try another port
ednet1.orednet.org 159.121.170.2:25 * Berkeley: usually SunOS 4.x, NexT, Annex
extensisnt.extensis.com 198.145.32.6:25 * Windoze 95/98/NT
freeside.fc.net 207.170.70.2:25 * FreeBSD, NetBSD, OpenBSD
hub.FreeBSD.ORG 204.216.27.18:25 * FreeBSD, NetBSD, OpenBSD
krdl.org.sg 137.132.252.27:25 * Solaris 2.x
listserv.islandnet.com 199.175.106.5:25 * Linux 1.3.xx, 2.0.0 to 2.0.34
mail.connexus.net.au 203.12.22.20:25 * FreeBSD, NetBSD, OpenBSD
mail.fc.net 207.170.70.2:25 * FreeBSD, NetBSD, OpenBSD
mail.mel.aone.net.au 203.12.176.157:25 * Solaris 2.x
mail.plutotech.com 206.168.67.137:25 * FreeBSD, NetBSD, OpenBSD
mail.polstra.com 206.213.73.130:25 * FreeBSD, NetBSD, OpenBSD
mail.smith.net.au 203.38.152.97:25 * FreeBSD, NetBSD, OpenBSD
mailhub.fokus.gmd.de 193.174.154.14:25 * Solaris 2.x
mass-mx.pmm.mci.net 208.159.126.182:25 *- Unknown OS, pleez update /usr/local/etc/queso.conf
newman.softweyr.com 204.68.178.33:25 * FreeBSD, NetBSD, OpenBSD
nico.telstra.net 139.130.204.16:25 * Berkeley: usually SunOS 4.x, NexT, Annex
phoenix.aye.net 206.185.8.134:25 * FreeBSD, NetBSD, OpenBSD
phoenix.welearn.com.au 203.35.200.139:25 * FreeBSD, NetBSD, OpenBSD
pop.onelist.com 209.207.164.31:25 * Linux 2.0.35 to 2.0.9999 :)
postoffice.telstra.net 139.130.4.7:25 * FreeBSD, NetBSD, OpenBSD
rodin.krdl.org.sg 137.132.252.27:25 * Solaris 2.x
rtrwan160.accessone.com 206.213.115.74:25 *- Firewalled host/port or network congestion
rvn-32-6.rs.extensis.com 198.145.32.6:25 * Windoze 95/98/NT
sarip.sol.net:25 169.207.30.120:25 * FreeBSD, NetBSD, OpenBSD
suebla.lnk.telstra.net 139.130.44.81:25 * FreeBSD, NetBSD, OpenBSD
www.onelist.com 209.207.164.157:25 * Linux 2.0.35 to 2.0.9999 :)
x.physics.usyd.edu.au 129.78.129.25:25 * FreeBSD, NetBSD, OpenBSD
zamboni.mail.digex.net 204.91.99.98:25 *- Unknown OS, pleez update /usr/local/etc/queso.conf

Greg
--
See complete headers for address, home page and phone numbers
finger grog@lemis.com for PGP public key
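
Added example, not part of the original message: the one-liner in the post turns every relay= field from the mail log into shell text and pipes it to sh, so whatever a log line contains gets executed. The variant below keeps the same queso invocation but validates each field as a plain hostname and passes it as a single argument. The function names and the sample log lines are constructed for illustration.

```sh
#!/bin/sh
# Added example: injection-safe variant of the maillog/queso one-liner.
# Function names and the sample log are constructed, not from the post.

# Print the unique relay hostnames found in sendmail log lines on stdin.
# Anything that is not a plain dotted hostname is dropped, so local
# senders ("user@localhost"), bare "[ip]" relays and fields carrying
# shell metacharacters never reach the probing stage.
relay_hosts() {
    sed -n 's/^.*relay=//p' |
    sed 's/[ ,].*$//; s/\.*$//' |
    grep -E '^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?)+$' |
    tr 'A-Z' 'a-z' |
    LC_ALL=C sort -u
}

# Run a probe command (default: queso, called as in the post) against
# port 25 of each validated host.  The host is handed over as one argv
# word; no shell text is ever built from log content.
fingerprint_relays() {
    [ $# -gt 0 ] || set -- queso
    relay_hosts | while IFS= read -r host; do
        printf '%s ' "$host"
        "$@" "$host:25" </dev/null
    done
}

# Constructed sendmail-style log lines (documentation names and addresses).
sample_maillog() {
    cat <<'EOF'
Nov 18 16:06:17 box sendmail[8158]: QAA08158: from=grog, size=512, relay=grog@localhost
Nov 18 16:06:26 box sendmail[8160]: QAA08158: to=<a@example.com>, relay=mx.example.com. [198.51.100.18], stat=Sent
Nov 18 16:07:01 box sendmail[8170]: QAA08169: from=<b@example.net>, relay=mail.example.net [192.0.2.10]
Nov 18 16:07:02 box sendmail[8171]: QAA08170: from=<c@example.net>, relay=MAIL.example.net [192.0.2.10]
Nov 18 16:07:09 box sendmail[8172]: QAA08171: from=<d@example.org>, relay=x.example.org;id [192.0.2.66]
Nov 18 16:07:10 box sendmail[8173]: QAA08172: from=<e@example.org>, relay=$(id).example.org [192.0.2.67]
EOF
}

# Usage: fingerprint_relays < /var/log/maillog
```

With the constructed sample, only mail.example.net and mx.example.com survive validation; the two lines carrying `;id` and `$(id)` are discarded instead of being handed to a shell.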