[unisog] Identifying if node is a router or PC

Dr. Neal Krawetz hf at hackerfactor.com
Mon Jul 16 16:31:00 GMT 2007


Hi Frank,

I've read some of the followup posts and they are really good.
However, have you tried something a little more direct?

E.g., if you are on the LAN side of the router, then you can usually
connect to it on port 80 and see the basic-auth string.  Some examples:

# This is a Dlink DI-604
$ echo -e "GET / HTTP/1.0\n" | nc host1 80 | grep -e WWW-Authenticate -e "Server:"
Server: Embedded HTTP Server 3.52
WWW-Authenticate: Basic realm="DI-604"
 
# This is a Linksys WRT54G
$ echo -e "GET / HTTP/1.0\n" | nc host2 80 | grep -e WWW-Authenticate -e "Server:"
Server: Intoto Http Server v1.0
WWW-Authenticate: Basic realm="WRT54G" 

Even if you don't recognize the router, you can collect the basic-auth
strings and go back and look at them later.

You are definitely right about nmap and p0f not always being accurate.
If two hosts are connected via the 4-port LAN interface on a Dlink, then
nmap -O will identify the Dlink and not the host.  (Same for Linksys
and SMC Baracade.)

					-Neal
--
Neal Krawetz, Ph.D.
Hacker Factor Solutions
http://www.hackerfactor.com/
Author of "Introduction to Network Security" (Charles River Media, 2006)
and "Hacking Ubuntu" (Wiley, 2007)


On Sat, Jul 14, 2007 at 03:53:42PM -0500, Frank Bulk wrote:
> Does anyone know of a program, or preferably, a Perl module, that would
> allow me to identify if a node is a computer or a broadband router?
> Information beyond that (such as OS or broadband router model number) would
> be a bonus.
> 
> I looked at nmap, but based on my reading an anecdotal tests, it doesn't
> seem to do that well on routers that are doing NAT.  I would even accept MAC
> address identification, too, if there was actually an updated list that
> extended beyond the standard OUI.
> 
> Any suggestions would be helpful.  I've also looked at p0f and SinFP, and
> they don't appear to be any more helpful.
> 
> Regards,
> 
> Frank


More information about the unisog mailing list