Discussion:
Wrong OS detection due to xrdp
Christian Fischer
2018-06-07 15:03:38 UTC
Hi,
OpenVAS detected a Linux machine as Windows because the Linux machine was
running xrdp on port 3389.
OID of plugin is 1.3.6.1.4.1.25623.1.0.105937
I think the plugin should correlate with other information before
confirming the OS.
It would be great if you could share the output of the following two
NVTs (either here at openvas-plugins or via private mail):

OS Detection Consolidation and Reporting (OID: 1.3.6.1.4.1.25623.1.0.105937)

Unknown OS and Service Banner Reporting (OID: 1.3.6.1.4.1.25623.1.0.108441)

Thanks,

--

Christian Fischer | PGP Key: 0x54F3CE5B76C597AD
Greenbone Networks GmbH | http://greenbone.net
Neumarkt 12, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460
Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner
mohammad kashif
2018-06-08 08:20:11 UTC
There is no Unknown OS and Service Banner Reporting available for this
host. The host in question is a RHEL 6 based OS and is running xrdp on port 3389.

The OS Detection Consolidation and Banner Reporting output is:

Vulnerability Detection Result
Best matching OS:
OS: Microsoft Windows CPE: cpe:/o:microsoft:windows
Found by NVT: 1.3.6.1.4.1.25623.1.0.100062 (Microsoft Remote Desktop
Protocol Detection)
Concluded from Microsoft Remote Desktop Protocol on port 3389/tcp
Setting key "Host/runs_windows" based on this information
Log Method
Details: OS Detection Consolidation and Reporting (OID:
1.3.6.1.4.1.25623.1.0.105937)

Christian Fischer
2018-06-27 14:04:12 UTC
Hi,

and thanks for providing this information. It seems indeed that it's
partly possible to differentiate between Xrdp and a Windows native RDP service
based on the response of the service.

The RDP Detection was reworked to make some assumptions on the
underlying OS (Windows or Linux/Unix) based on the response of the
service. Those changes should be included in one of the next feed updates.

Regards,
--
Christian Fischer | PGP Key: 0x54F3CE5B76C597AD
Greenbone Networks GmbH | https://www.greenbone.net
Neumarkt 12, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460
Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner
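
Added example, not part of the thread and not OpenVAS or Greenbone code: a small parser for the "Best matching OS" report text quoted above that flags results where Windows was concluded from the RDP detection NVT, so such hosts can be checked against other evidence. The function names, the second sample report and its placeholder OID are assumptions made for illustration.

```python
import re

# OID of "Microsoft Remote Desktop Protocol Detection", as quoted in the thread.
RDP_DETECTION_OID = "1.3.6.1.4.1.25623.1.0.100062"

# The report text quoted in the thread, with its mail line wrapping kept.
THREAD_REPORT = """\
Best matching OS:
OS: Microsoft Windows CPE: cpe:/o:microsoft:windows
Found by NVT: 1.3.6.1.4.1.25623.1.0.100062 (Microsoft Remote Desktop
Protocol Detection)
Concluded from Microsoft Remote Desktop Protocol on port 3389/tcp
Setting key "Host/runs_windows" based on this information
"""

# Constructed sample: placeholder OID and NVT name, not real feed values.
CONSTRUCTED_REPORT = """\
Best matching OS:
OS: Linux CPE: cpe:/o:linux:kernel
Found by NVT: 0.0.0.0 (Constructed example NVT)
Concluded from constructed banner on port 22/tcp
"""

HEADER = "Best matching OS:"
FIELDS = re.compile(
    r"OS:\s*(?P<os>.+?)\s+CPE:\s*(?P<cpe>\S+)\s+"
    r"Found by NVT:\s*(?P<oid>[\d.]+)\s*\((?P<nvt>[^)]*)\)"
    r"(?:\s+Concluded from\s+(?P<basis>.+?)\s+on port\s+(?P<port>\d+/\w+))?"
)

def parse_best_match(report):
    """Return the fields of the 'Best matching OS' entry, or None if absent."""
    flat = " ".join(report.split())  # undo line wrapping from mail or export
    start = flat.find(HEADER)
    if start < 0:
        return None
    m = FIELDS.search(flat, start + len(HEADER))
    return m.groupdict() if m else None

def needs_review(report):
    """True when the best match is Windows and was found by the RDP detection NVT."""
    best = parse_best_match(report)
    return bool(best
                and best["oid"] == RDP_DETECTION_OID
                and best["cpe"].startswith("cpe:/o:microsoft:windows"))

if __name__ == "__main__":
    for name, text in (("thread", THREAD_REPORT), ("constructed", CONSTRUCTED_REPORT)):
        print(name, parse_best_match(text), "review" if needs_review(text) else "ok")
```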