Re: VMWare

[Tobias Glemser <tglemser@tele-consulting.com>]

Nitin,

> While scanning networks how good is nessus in identifying VMWare
> running machines?
There seems to be no plugin doing that (altough it seems to be a good 
idea to me). But as long as the MAC Adresses within the VMware are not 
changed, you can identify those systems by having a look at the vendor 
part of the MAC. I would just do a quick nmap scan to resolve that.
 [root@26 ~]# nmap -sS -O mysystem.mynetwork.local
 Starting Nmap 4.20 ( http://insecure.org ) at 2006-12-21 12:06 CET
 Interesting ports on mysystem.mynetwork.local:
 Not shown: 1696 filtered ports
 PORT      STATE  SERVICE
 22/tcp    open   ssh
 MAC Address: 00:0C:29:74:34:44 (VMware)


> Does nesssus scan and report OS and Applications on VMWare
> successfully?
Mandriva Linux 10.2 on VMware-Server

 Security Note found (general/tcp)
 Plugin-ID      11936
 Description    Nessus was not able to reliably identify the remote
                operating system. It might be:
                 IBM OS/400
                 Linux Kernel 2.4
                 SCO UnixWare 8.0

Mandriva Linux 10.2 on "real" device (same patchlevel as vmware 
installation)
 Security Note found (general/tcp)
 Plugin-ID      11936
 Description    The remote host is running Linux Kernel
                 2.6.12-27mdk-i686-up-4GB (i386)

It seems like the beaviour for fingerpriting the OS changes (Layer 2(?), 
3 and 4) when using VMware. This does not affect any application, for 
the fingerprinting mechanisms can only base on the beaviour of the 
applications themselves (Layer 5-7).
This makes it a princible driven problem, so every OS detection I know 
will fail. E.g. nmap
Mandriva Linux 10.2 on VMware-Server
  Device type: general purpose|printer|WAP|specialized|storage-misc
  Running (JUST GUESSING) : Linux 2.6.X|2.4.X (92%), Xerox embedded
  (88%), etc etc etc

Mandriva Linux 10.2 on "real" device (same patchlevel as vmware 
installation)
  Device type: general purpose
  Running: Linux 2.6.X
  OS details: Linux 2.6.9 - 2.6.12 (x86)

Cheers,

Toby

Shingari, Nitin V. schrieb:
> Hi folks,
>
>  
>
> While scanning networks how good is nessus in identifying VMWare running 
> machines?
> Does nesssus scan and report OS and Applications on VMWare successfully?
>
>  
>
> Warm Regards
>
> Nitin Shingari
>
> nvshingari@ipolicynetworks.com
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Nessus mailing list
> Nessus@list.nessus.org
> http://mail.nessus.org/mailman/listinfo/nessus
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus