[OT] How do you tell whether a website's server is Windows or Linux?


left

Sep 14, 2012, 7:41:25 AM
to sh...@googlegroups.com
How can I tell whether a website's server runs Linux or Windows? Can the database be determined as well?
For handling large-scale traffic, are there any optimization approaches, say for a site with several hundred thousand visits a day?

alswl

Sep 14, 2012, 8:27:14 AM
to sh...@googlegroups.com
Try `nmap -O target-server`; it can detect the operating system, and nmap gives its likely answers with a probability estimate.

For example:
```
nmap -O www.163.com

Starting Nmap 5.21 ( http://nmap.org ) at 2012-09-14 20:26 CST
Nmap scan report for www.163.com (61.153.56.191)
Host is up (0.067s latency).
Not shown: 993 closed ports
PORT     STATE    SERVICE
80/tcp   open     http
88/tcp   open     kerberos-sec
443/tcp  open     https
445/tcp  filtered microsoft-ds
3000/tcp open     ppp
4444/tcp filtered krb524
8080/tcp open     http-proxy
Device type: firewall|general purpose|WAP|telecom-misc|broadband router
Running (JUST GUESSING) : IPCop Linux 2.4.X (92%), Linux 2.6.X|2.4.X (92%), Avaya Linux 2.6.X (91%), Check Point Linux 2.4.X (89%), Linksys Linux 2.4.X (86%), USRobotics embedded (85%)
Aggressive OS guesses: IPCop firewall 1.4.10 - 1.4.21 (Linux 2.4.31 - 2.4.36) (92%), Linux 2.6.24 (Gentoo) (92%), OpenWrt (Linux 2.4.32) (91%), Avaya Communication Manager (Linux 2.6.11) (91%), Check Point firewall (Linux 2.4.21) (89%), OpenWrt Kamikaze 8.09 (Linux 2.6.25.20) (88%), Linux 2.6.18 (88%), Linux 2.6.24 (87%), IPCop firewall 1.4.16 (Linux 2.4.34) (86%), OpenWrt White Russian 0.9 (Linux 2.4.30) (86%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 10 hops

OS detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 9.22 seconds
```

2012/9/14 left <lizhe...@gmail.com>
How can I tell whether a website's server runs Linux or Windows? Can the database be determined as well?
For handling large-scale traffic, are there any optimization approaches, say for a site with several hundred thousand visits a day?

--
-- You received this message because you are subscribed to the Google Groups Shanghai Linux User Group group. To post to this group, send email to sh...@googlegroups.com. To unsubscribe from this group, send email to shlug+un...@googlegroups.com. For more options, visit this group at https://groups.google.com/d/forum/shlug?hl=zh-CN
 
 



--
-----------------------------------------
alswl
Blog: http://log4d.com
Mail: alswlx[a]gmailDOTcom
-----------------------------------------
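Added example, not from the thread: a small Python parser for an `nmap -O` report such as the one above. It pulls out the port table and the "Running" guesses, collapses the guesses to an OS family, and applies the port rule raised later in the thread (an *open* 3389 or 445 is a strong Windows signal; "filtered" only means a firewall is in the way). The first sample is the 163.com report quoted above; the second is a constructed Windows report on a documentation address. Function names are mine.

```python
import re
from typing import Dict, List, Tuple

# Sample 1: the `nmap -O www.163.com` report quoted in the post above (Nmap 5.21, 2012),
# trimmed to the lines the parser needs.
SAMPLE_163 = """\
Nmap scan report for www.163.com (61.153.56.191)
Not shown: 993 closed ports
PORT     STATE    SERVICE
80/tcp   open     http
88/tcp   open     kerberos-sec
443/tcp  open     https
445/tcp  filtered microsoft-ds
3000/tcp open     ppp
4444/tcp filtered krb524
8080/tcp open     http-proxy
Device type: firewall|general purpose|WAP|telecom-misc|broadband router
Running (JUST GUESSING) : IPCop Linux 2.4.X (92%), Linux 2.6.X|2.4.X (92%), Avaya Linux 2.6.X (91%), Check Point Linux 2.4.X (89%), Linksys Linux 2.4.X (86%), USRobotics embedded (85%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 10 hops
"""

# Sample 2: constructed report of a host nmap identifies outright (hypothetical address).
SAMPLE_WIN = """\
Nmap scan report for 192.0.2.10
PORT     STATE SERVICE
80/tcp   open  http
3389/tcp open  ms-wbt-server
Device type: general purpose
Running: Microsoft Windows 2008
OS details: Microsoft Windows Server 2008 SP1
Network Distance: 3 hops
"""

PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(open|closed|filtered)\s+(\S+)", re.M)
GUESS_RE = re.compile(r"^Running(?: \(JUST GUESSING\))?\s*:\s*(.+)$", re.M)
ITEM_RE = re.compile(r"(.+?)\s*\((\d+)%\)")

# Open ports that by themselves point at Windows: RDP (the one the thread calls out)
# plus the MSRPC / NetBIOS / SMB trio. Only "open" counts, never "filtered".
WINDOWS_PORTS = {135, 139, 445, 3389}


def parse_ports(report: str) -> List[Tuple[int, str, str, str]]:
    """Return (port, proto, state, service) for every row of the port table."""
    return [(int(p), proto, state, svc) for p, proto, state, svc in PORT_RE.findall(report)]


def parse_os_guesses(report: str) -> List[Tuple[str, int]]:
    """Return [(label, percent)] from the 'Running' line. An exact match carries no
    percentages, so it is reported as a single 100% entry."""
    m = GUESS_RE.search(report)
    if not m:
        return []
    items = [(name.strip(" ,"), int(pct)) for name, pct in ITEM_RE.findall(m.group(1))]
    return items or [(m.group(1).strip(), 100)]


def os_family(label: str) -> str:
    """Collapse a nmap label ('IPCop Linux 2.4.X', 'Microsoft Windows 2008') to a family."""
    low = label.lower()
    if "windows" in low or "microsoft" in low:
        return "windows"
    if "linux" in low or "openwrt" in low or "android" in low:
        return "linux"
    return "other"


def family_scores(report: str) -> Dict[str, int]:
    """Best confidence nmap reports per OS family."""
    scores: Dict[str, int] = {}
    for label, pct in parse_os_guesses(report):
        fam = os_family(label)
        scores[fam] = max(scores.get(fam, 0), pct)
    return scores


def verdict(report: str) -> str:
    """Port rule first (cheap and hard to get wrong), then the stack fingerprint."""
    ports = parse_ports(report)
    open_ports = {p for p, _, state, _ in ports if state == "open"}
    hit = sorted(open_ports & WINDOWS_PORTS)
    if hit:
        return f"windows (open port {hit[0]})"
    scores = family_scores(report)
    if not scores:
        return "unknown (no OS guess)"
    fam, pct = max(scores.items(), key=lambda kv: kv[1])
    qualifier = "probably " if "No exact OS matches" in report else ""
    # Filtered ports mean a firewall answered some probes; the fingerprint may be its, not the host's.
    note = "; filtered ports seen, so the fingerprint may belong to a firewall in front" \
        if any(state == "filtered" for _, _, state, _ in ports) else ""
    return f"{qualifier}{fam} ({pct}%{note})"


if __name__ == "__main__":
    for name, rep in (("163.com", SAMPLE_163), ("constructed", SAMPLE_WIN)):
        print(name, "->", verdict(rep))
```

Feed it the saved output of `nmap -O host > report.txt`; the "probably" qualifier and the firewall note are there because, as the thread says, the guess on a firewalled or load-balanced host is frequently about the box in front rather than the origin.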

Yiling Cao

Sep 14, 2012, 11:06:49 AM
to sh...@googlegroups.com
To answer the question in your title: you actually can't detect it; everything can be faked, and it may even be running inside a guest virtual machine. Checking the ports can be one approach.

Cheng

Sep 14, 2012, 11:47:32 AM
to sh...@googlegroups.com
On the second question, about optimization: you need to give more information before anyone can give you an accurate answer. Asking it this way is like going to the hospital, saying nothing about your symptoms, and asking straight away for a medicine that cures every disease and prolongs your life.

lo.yu.linux

Sep 14, 2012, 8:01:41 AM
to sh...@googlegroups.com
nmap

2012/9/14 left <lizhe...@gmail.com>
如何判断一个网站用的服务器是Linux还是Windows呢?数据库可以判断出来么?
应对大规模访问,有没有什么优化方案?比如日访问量几十万级别的?

--
-- You received this message because you are subscribed to the Google Groups Shanghai Linux User Group group. To post to this group, send email to sh...@googlegroups.com. To unsubscribe from this group, send email to shlug+un...@googlegroups.com. For more options, visit this group at https://groups.google.com/d/forum/shlug?hl=zh-CN
 
 



--
lilo1989.com

xiyoulaoyuanjia

Sep 14, 2012, 10:31:28 PM
to sh...@googlegroups.com
I'd like to hear the details of judging by ports~

2012/9/14 lo.yu.linux <lo.yu...@gmail.com>



--
Onward..
you can follow me at twitter 
@xiyoulaoyuanjia

小马xiaoma

Sep 14, 2012, 11:09:22 PM
to sh...@googlegroups.com
Usually you can tell at a glance whether a person is a man or a woman.

But when someone deliberately dresses as the other sex, it becomes very hard to tell.



2012/9/14 Yiling Cao <yilin...@gmail.com>

xiyoulaoyuanjia

Sep 14, 2012, 11:49:33 PM
to sh...@googlegroups.com
http://www.ibm.com/developerworks/cn/opensource/os-cn-nmap/index.html

Sherlock

Sep 15, 2012, 11:57:42 AM
to sh...@googlegroups.com
Each OS has its own footprint.
Usually it can be used, but it can also be faked.
==========
      InitX
==========

zergmk2

Sep 15, 2012, 12:24:55 PM
to sh...@googlegroups.com
The only low-tech method I know: use the ping command and look at the server's TTL value.
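Added example, not the poster's code: what the TTL trick looks like when written down. The reply's TTL is compared with the usual stack defaults (64 for Linux/Unix, 128 for Windows, 255 for many network devices), taking the smallest default that is not below the observed value; the difference is the hop count. Two caveats a practitioner should keep in mind are built in: the defaults are just sysctl/registry settings and can be changed, and when a CDN node or load balancer answers the ping, the hop count derived from the TTL will disagree with a traceroute to the origin. Transcripts are constructed; the 163.com address is the one from the nmap output above, the TTL values are made up.

```python
import re
from collections import Counter
from typing import Optional, Tuple

# Default initial TTLs of common stacks. Any of them can be changed (net.ipv4.ip_default_ttl,
# DefaultTTL in the Windows registry), so the answer is a hint, not proof.
INITIAL_TTLS = {
    64: "linux/unix (also macOS, *BSD)",
    128: "windows",
    255: "network device / solaris",
}

# Matches "ttl=54" from a Unix ping as well as "TTL=128" from a Windows ping.
PING_TTL_RE = re.compile(r"\bttl=(\d+)", re.I)


def ttl_from_ping_line(line: str) -> Optional[int]:
    m = PING_TTL_RE.search(line)
    return int(m.group(1)) if m else None


def guess_from_ttl(observed: int) -> Optional[Tuple[int, str, int]]:
    """Return (initial_ttl, family, hops). The initial TTL is the smallest common default
    that is >= the observed value; hops = initial - observed. This assumes the path is
    shorter than 64 hops, otherwise the 64 and 128 ranges would overlap."""
    if not 0 < observed <= 255:
        return None
    for init in sorted(INITIAL_TTLS):
        if observed <= init:
            return init, INITIAL_TTLS[init], init - observed
    return None


def guess_from_ping_output(text: str, traceroute_hops: Optional[int] = None) -> Optional[dict]:
    """Aggregate a whole ping transcript. If a traceroute hop count is supplied, flag the
    case where it disagrees badly with the TTL-derived hop count: the ICMP reply is then
    probably coming from a load balancer or CDN node rather than the origin host."""
    ttls = [t for t in map(ttl_from_ping_line, text.splitlines()) if t is not None]
    if not ttls:
        return None
    ttl, _ = Counter(ttls).most_common(1)[0]  # several backends may answer; take the majority
    guess = guess_from_ttl(ttl)
    if guess is None:
        return None
    init, family, hops = guess
    result = {
        "ttl": ttl,
        "initial_ttl": init,
        "family": family,
        "hops": hops,
        "ttl_values_seen": sorted(set(ttls)),
    }
    if traceroute_hops is not None and abs(traceroute_hops - hops) > 2:
        result["warning"] = "TTL hop count disagrees with traceroute; reply likely from a middlebox"
    return result


# Constructed transcripts (TTL values invented for the example).
SAMPLE_LINUX_PING = """\
PING www.163.com (61.153.56.191) 56(84) bytes of data.
64 bytes from 61.153.56.191: icmp_seq=1 ttl=54 time=67.0 ms
64 bytes from 61.153.56.191: icmp_seq=2 ttl=54 time=66.8 ms
"""
SAMPLE_WINDOWS_PING = """\
Pinging 192.0.2.10 with 32 bytes of data:
Reply from 192.0.2.10: bytes=32 time=12ms TTL=117
Reply from 192.0.2.10: bytes=32 time=11ms TTL=117
"""

if __name__ == "__main__":
    print(guess_from_ping_output(SAMPLE_LINUX_PING, traceroute_hops=10))
    print(guess_from_ping_output(SAMPLE_WINDOWS_PING, traceroute_hops=3))
```

Pipe a real run in with `ping -c 4 host | python3 ttl_guess.py` style plumbing, and pass the hop count from `traceroute` (or nmap's "Network Distance") as the cross-check.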

Pan Foo

Sep 18, 2012, 11:58:44 AM
to sh...@googlegroups.com
Server-side indicators such as TTL can be faked; nmap, for instance, works by combining several signals, and misjudgements are still possible; besides, nmap tries to pin down the exact distribution, which is probably not what you need :)

The most reliable method is actually the case of the site's page file names: Windows does not distinguish case in file names, while Linux does. Change index.php to inDex.php (not limited to this page); if it can still be accessed, it is without doubt a Windows host; if you get a 404, it is a Linux host.

As for footprints, a custom error page stops them showing, and some bad boy may even be deliberately toying with visitors :)
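Added example, not Pan Foo's code: the case-flip check automated, with the two controls a practitioner wants before trusting it. A random path that cannot exist must not return 200 (otherwise a catch-all handler or rewrite rule makes every site look case-insensitive), and a redirect of the flipped name is treated as inconclusive rather than a hit (Apache's mod_speling on Linux answers a wrongly cased name with a 301, which a browser follows silently). Later replies in this thread point out that Apache on Windows is also case-insensitive and that NTFS can be made case-sensitive, so the result is reported as "likely". `flip_case`, `classify`, `probe` and the User-Agent string are mine; the live part uses only the standard library.

```python
import secrets
import urllib.error
import urllib.parse
import urllib.request


def flip_case(path: str) -> str:
    """Change the case of the first letter in the last path segment (/index.php -> /Index.php)."""
    head, sep, last = path.rpartition("/")
    for i, ch in enumerate(last):
        if ch.isalpha():
            return f"{head}{sep}{last[:i]}{ch.swapcase()}{last[i + 1:]}"
    return path  # nothing to flip, e.g. "/" or a purely numeric segment


def classify(status_orig: int, status_flipped: int, status_control: int) -> str:
    """Decide from three status codes:
    status_orig    - GET of the real path
    status_flipped - the same path with one letter's case changed
    status_control - a random path that cannot exist (control for catch-all handlers)
    """
    if status_orig != 200:
        return "inconclusive: original path did not return 200"
    if status_control == 200:
        return "inconclusive: unknown paths also return 200 (catch-all route or rewrite)"
    if 300 <= status_flipped < 400:
        return "inconclusive: flipped path is redirected (case-correcting rewrite, e.g. Apache mod_speling)"
    if status_flipped == 200:
        return "case-insensitive: likely Windows (IIS, or Apache on NTFS), or a case-folding rewrite"
    if status_flipped == status_control:
        return "case-sensitive: likely Linux/Unix"
    return f"inconclusive: flipped path returned {status_flipped}, control returned {status_control}"


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Stop urllib from following 3xx, so a redirect shows up as its own status code."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


_opener = urllib.request.build_opener(_NoRedirect)


def status(url: str) -> int:
    """HTTP status of a GET, without following redirects (4xx/5xx come back as codes, not exceptions)."""
    req = urllib.request.Request(url, headers={"User-Agent": "case-probe/1.0"})
    try:
        with _opener.open(req, timeout=10) as resp:
            return resp.status
    except urllib.error.HTTPError as e:
        return e.code


def probe(url: str) -> str:
    """Live probe: fetch the page, its case-flipped twin and a random control path in the same directory."""
    parts = urllib.parse.urlsplit(url)
    path = parts.path or "/"
    flipped_path = flip_case(path)
    if flipped_path == path:
        return "inconclusive: path has no letter to flip; point this at a real file such as /index.php"
    directory = path.rpartition("/")[0]
    control_path = f"{directory}/{secrets.token_hex(8)}.php"  # 16 random hex chars, cannot exist by accident
    return classify(
        status(url),
        status(parts._replace(path=flipped_path).geturl()),
        status(parts._replace(path=control_path).geturl()),
    )


if __name__ == "__main__":
    import sys
    print(probe(sys.argv[1] if len(sys.argv) > 1 else "http://example.com/index.php"))
```

Run it as `python3 case_probe.py http://target/index.php`; only probe hosts you are allowed to test.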

Difan Zhang

Sep 18, 2012, 2:39:24 PM
to sh...@googlegroups.com
If not disguised:
curl --head www.h3c.com.cn

Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322


-> Windows

If disguised:
Server: TsinghuaWebServer/1.1.1.0

-> a poser

(Tsinghua actually uses an F5 BIG-IP)
For the disguised kind: let nmap weigh everything together; if 3389 is open, it is almost certainly Windows.
Of course, large sites usually have a load balancer in front, for example:

[~] % curl --head www.renren.com
HTTP/1.1 200 OK
Date: Tue, 18 Sep 2012 18:04:31 GMT
Server: PWS/8.0.9.5
Transfer-Encoding: chunked
X-Px: nc sjc-ag1-n2 ( xuz-ag1-n4), nc xuz-ag1-n4 ( origin)
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Connection: keep-alive


Here, X-Px: nc sjc-ag1-n2 ( xuz-ag1-n4), nc xuz-ag1-n4 ( origin) most likely records the chain of cache servers the request passed through and the upstream server. With something like this you really can't tell from the fingerprint what server is in use, although error messages sometimes reveal some information. Xiaonei (Renren) uses nginx as its front end. PWS is the CDN service of http://www.cdnetworks.com.

Here is an analysis:

[BSD:root@mao] ~# nmap -A -T5 www.ifanr.com

Starting Nmap 6.01 ( http://nmap.org ) at 2012-09-19 02:12 CST
Nmap scan report for www.ifanr.com (42.121.15.3)
Host is up (0.057s latency).
Not shown: 997 filtered ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 5.5p1 Debian 6+squeeze2 (protocol 2.0)
| ssh-hostkey: 1024 e0:df:43:a7:36:a9:f6:a5:26:9e:82:0e:60:53:bd:4a (DSA)
|_2048 e5:a4:a7:af:79:e6:32:dd:f6:ad:37:c7:fe:02:de:33 (RSA)
80/tcp open http Google httpd 2.0 (GFE)
|_http-methods: No Allow or Public header in OPTIONS response (status code 405)
|_http-title: \xE7\x88\xB1\xE8\x8C\x83\xE5\x84\xBF \xC2\xB7 Beats of Bits - \xE5\x8F\x91\xE7\x8E\xB0\xE5\x88\x9B\xE6\x96\xB0\xE4\xBB\xB7\xE5\x80\xBC\xE7\x9A\x84\xE7\xA7\x91\xE6\x8A\x80\xE5\xAA\x92\xE4\xBD\x93
7800/tcp open http thttpd 2.25b
|_http-title: Index of /
|_http-methods: No Allow or Public header in OPTIONS response (status code 501)
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose|media device|VoIP phone|print server|printer
Running (JUST GUESSING): DEC Digital UNIX 5.X (93%), Pioneer embedded (90%), Cisco embedded (88%), HP embedded (88%), OpenBSD 4.X (85%)
OS CPE: cpe:/o:dec:digital_unix:5 cpe:/h:cisco:unified_ip_phone_7911 cpe:/o:openbsd:openbsd:4.6
Aggressive OS guesses: DEC Digital UNIX 5.X (93%), Pioneer PRO-141 TV (90%), Cisco IP Phone 7911 (88%), Cisco IP Phone 7941, 7961, or 7975 (88%), HP 170X print server or Inkjet 3000 printer (88%), OpenBSD 4.6 (85%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 8 hops
Service Info: OS: Linux; CPE: cpe:/o:linux:kernel

TRACEROUTE (using port 80/tcp)
HOP RTT ADDRESS
1 0.22 ms 10.0.101.254
2 0.35 ms bogon (10.0.100.33)
3 0.58 ms bogon (10.0.104.97)
4 1.08 ms 192.168.1.2
5 ... 7
8 0.43 ms 42.121.15.3

OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 36.56 seconds


We see three open ports, 22, 80 and 7800 (and in fact only those three are LISTENing); that alone tells us it is Linux. OpenSSH 5.5p1 Debian 6+squeeze2 (protocol 2.0) tells us it is Debian 6. The fingerprint detection below is pretty much nonsense; with so few open ports it is normal for the machine to guess wrong.

[BSD:root@mao] ~# nmap -A -T5 www.huxiu.com

Starting Nmap 6.01 ( http://nmap.org ) at 2012-09-19 02:29 CST
Nmap scan report for www.huxiu.com (42.120.52.161)
Host is up (0.015s latency).
Not shown: 993 filtered ports
PORT STATE SERVICE VERSION
21/tcp closed ftp
22/tcp open ssh OpenSSH 4.3 (protocol 2.0)
| ssh-hostkey: 1024 d3:7d:a1:4c:83:99:14:88:56:a1:08:6e:e9:55:66:6e (DSA)
|_2048 2e:10:ff:e8:31:38:43:e4:94:65:57:e8:e8:97:5e:03 (RSA)
80/tcp open http?
|_http-methods: No Allow or Public header in OPTIONS response (status code 405)
| http-robots.txt: 22 disallowed entries (15 shown)
| /api/ /data/ /source/ /install/ /template/ /config/
| /uc_client/ /uc_server/ /static/ /admin.php /search.php
|_/member.php /api.php /misc.php /connect.php
|_http-title: \xE8\x99\x8E\xE5\x97\x85\xE7\xBD\x91
554/tcp closed rtsp
1002/tcp closed windows-icfw
1521/tcp closed oracle
1720/tcp closed H.323/Q.931
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi :
Device type: firewall|general purpose
Running (JUST GUESSING): SonicWALL embedded (86%), Linux 2.6.X (85%)
OS CPE: cpe:/o:linux:kernel:2.6
Aggressive OS guesses: SonicWALL Aventail EX-1500 SSL VPN appliance (86%), Linux 2.6.9 - 2.6.18 (85%), Linux 2.6.18 (CentOS 5, x86_64, SMP) (85%), Linux 2.6.18 (85%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 8 hops

TRACEROUTE (using port 80/tcp)
HOP RTT ADDRESS
1 0.22 ms 10.0.101.254
2 0.35 ms bogon (10.0.100.33)
3 15.59 ms bogon (10.0.104.97)
4 1.06 ms 192.168.1.2
5 ... 7
8 0.40 ms 42.120.52.161

OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 61.24 seconds


Look at this one. 22 and 80 are open, so it is definitely a Linux machine. The OpenSSH version is 4.3, so without doubt this is CentOS 5 / RHEL 5 (nothing else out there still uses something that old).

[BSD:root@mao] ~# curl -v 42.120.52.161
* About to connect() to 42.120.52.161 port 80 (#0)
* Trying 42.120.52.161...
* connected
* Connected to 42.120.52.161 (42.120.52.161) port 80 (#0)
> GET / HTTP/1.1
> User-Agent: curl/7.24.0 (amd64-portbld-freebsd9.0) libcurl/7.24.0 OpenSSL/0.9.8q zlib/1.2.5 libidn/1.22
> Host: 42.120.52.161
> Accept: */*

< HTTP/1.1 403 Forbidden
< Server: HWS/1.0
< Date: Tue, 18 Sep 2012 18:34:01 GMT
< Content-Type: text/html
< Content-Length: 164
< Connection: keep-alive
<
<html>
<head><title>403 Forbidden</title></head>
<body bgcolor="white">
<center><h1>403 Forbidden</h1></center>
<hr><center>HWS/1.0</center>
</body>
</html>
* Connection #0 to host 42.120.52.161 left intact
* Closing connection #0

So, without doubt, this is nginx, renamed to HWS.

Plenty of sites out there change their web server banner.

--
Difan Zhang
Sent with Sparrow (http://www.sparrowmailapp.com/?sig)



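Added example (not Difan Zhang's code): the two identifications in the post above, written as code that works on raw responses. Headers handle the easy cases (Microsoft-IIS, X-Powered-By: ASP.NET, X-AspNet-Version). For a renamed banner it looks for the stock nginx error-page template, which the HWS/1.0 response above still carries (white body, centred `<h1>`, `<hr>`, centred banner), and for the stock Apache `<address>... Server at ...</address>` footer. It also parses an SSH identification string: Debian and Ubuntu append their package revision (the "Debian 6+squeeze2" nmap printed), while a bare OpenSSH version can be mapped to an Enterprise Linux release the way the post does for 4.3. The sample responses are reconstructed from the headers and body quoted above; the EL version table and all function names are mine.

```python
import re
from typing import Dict, List, Tuple

# Reconstructed from the curl output quoted in the post (the IIS body was not shown; assumed empty).
RESPONSE_IIS = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Microsoft-IIS/6.0\r\n"
    "X-Powered-By: ASP.NET\r\n"
    "X-AspNet-Version: 1.1.4322\r\n"
    "Content-Length: 0\r\n"
    "\r\n"
)
RESPONSE_HWS = (
    "HTTP/1.1 403 Forbidden\r\n"
    "Server: HWS/1.0\r\n"
    "Content-Type: text/html\r\n"
    "Content-Length: 164\r\n"
    "\r\n"
    "<html>\r\n"
    "<head><title>403 Forbidden</title></head>\r\n"
    "<body bgcolor=\"white\">\r\n"
    "<center><h1>403 Forbidden</h1></center>\r\n"
    "<hr><center>HWS/1.0</center>\r\n"
    "</body>\r\n"
    "</html>\r\n"
)


def parse_http_response(raw: str) -> Tuple[int, Dict[str, str], str]:
    """Split a raw response into (status, lower-cased header dict, body)."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    status_line, *header_lines = head.split("\n")
    status = int(status_line.split()[1])
    headers: Dict[str, str] = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers, body


# Stock nginx error page. Renaming the Server header does not touch this template,
# which is compiled into the binary, so it outlives a cosmetic banner change.
NGINX_ERROR_RE = re.compile(
    r'<body bgcolor="white">\s*<center><h1>\d{3} [^<]+</h1></center>\s*<hr><center>([^<]+)</center>'
)
# Stock Apache error page footer (ServerSignature On).
APACHE_ERROR_RE = re.compile(r"<address>(Apache[^<]*) Server at [^<]*</address>")


def fingerprint_http(raw: str) -> List[Tuple[str, str]]:
    """Return (family, evidence) pairs from headers and, on error pages, the body template."""
    _status, headers, body = parse_http_response(raw)
    evidence: List[Tuple[str, str]] = []
    server = headers.get("server", "")
    if server.lower().startswith("microsoft-iis"):
        evidence.append(("iis/windows", f"Server: {server}"))
    if "asp.net" in headers.get("x-powered-by", "").lower():
        evidence.append(("iis/windows", f"X-Powered-By: {headers['x-powered-by']}"))
    if "x-aspnet-version" in headers:
        evidence.append(("iis/windows", f"X-AspNet-Version: {headers['x-aspnet-version']}"))
    if server.lower().startswith("nginx"):
        evidence.append(("nginx", f"Server: {server}"))
    if server.lower().startswith("apache"):
        evidence.append(("apache", f"Server: {server}"))
    m = NGINX_ERROR_RE.search(body)
    if m:
        evidence.append(("nginx", f"stock nginx error page (footer banner {m.group(1)!r})"))
        if not server.lower().startswith("nginx"):
            evidence.append(("nginx", f"banner renamed: Server header says {server!r}"))
    m = APACHE_ERROR_RE.search(body)
    if m:
        evidence.append(("apache", f"stock Apache error page ({m.group(1)})"))
    return evidence


# OpenSSH releases that pin an Enterprise Linux major version (the post's "4.3 -> CentOS 5" rule).
# Hint table of my own; RHEL backports fixes without bumping the version, so the number alone
# says nothing about patch level.
EL_OPENSSH = {"4.3": "RHEL/CentOS 5", "5.3": "RHEL/CentOS 6", "7.4": "RHEL/CentOS 7", "8.0": "RHEL/CentOS 8"}
SSH_BANNER_RE = re.compile(r"^SSH-(\d\.\d)-(\S+)(?:\s+(.*))?$")


def fingerprint_ssh(banner: str) -> Dict[str, str]:
    """Parse an identification string such as 'SSH-2.0-OpenSSH_5.5p1 Debian-6+squeeze2'."""
    m = SSH_BANNER_RE.match(banner.strip())
    if not m:
        return {}
    software, comment = m.group(2), m.group(3) or ""
    info = {"software": software}
    if software.startswith("OpenSSH_for_Windows"):
        info["os"] = "windows"
        return info
    vm = re.match(r"OpenSSH_(\d+\.\d+)", software)
    version = vm.group(1) if vm else ""
    if comment.split("-")[0] in ("Debian", "Ubuntu", "Raspbian"):
        info["os"] = "linux"
        info["distro"] = comment  # Debian-family builds put the package revision here
    elif version in EL_OPENSSH:
        info["os"] = "linux"
        info["hint"] = EL_OPENSSH[version]  # bare version, no comment: typical of RHEL-family builds
    return info


if __name__ == "__main__":
    print(fingerprint_http(RESPONSE_IIS))
    print(fingerprint_http(RESPONSE_HWS))
    print(fingerprint_ssh("SSH-2.0-OpenSSH_5.5p1 Debian-6+squeeze2"))
    print(fingerprint_ssh("SSH-2.0-OpenSSH_4.3"))
```

To use it on a live host, capture the response with `curl -si http://host/` (request a path that does not exist to get the error page) and the SSH banner with `nc host 22 </dev/null | head -1`, then pass the text to the two functions.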
Úcarenya

Sep 18, 2012, 9:29:53 PM
to sh...@googlegroups.com
trickie... It seems Apache and the like on Windows are also case-insensitive; it is passed through from the OS.


--
- Úcarenya - infernoxu at gmail dot com
- http://ucarenya.com/

Alex Zhang

Sep 19, 2012, 12:46:16 AM
to sh...@googlegroups.com
Windows NTFS can support case sensitivity.

--
Difan Zhang (@tifan)
http://difan.org.cn/ | http://blog.osqdu.org/
