Arch Linux

bones

Member

From: Brisbane

Registered: 2006-03-24

Posts: 322

Website

Now I'm really confused? [mystery solved]

This has me frying the old brain cells, which is risky as I don't have many left:o
Ran  sudo nmap -A -T4 localhost  this morning and the results where good but what has me confused is towards the end I see this

Running: Linux 2.6.X
OS details: Centos 4.3 Linux 2.6.17.11-grsec (Centos 4.3, X86)

Have I found out the secret? Arch is really a modified Centos:)

Don't send out the Hired Goons, I promise to keep it a secret

Last edited by bones (2007-02-19 19:43:11)

---

"When once you have tasted flight, you will forever walk the earth with your eyes turned skyward, for there you have been, and there you will always long to return."

aRcHaTe

Member

Registered: 2006-10-24

Posts: 646

Re: Now I'm really confused? [mystery solved]

wtf? that cant be right...

Last edited by sickhate (2007-02-19 07:56:36)

---

Its a sick world we live in....

bones

Member

From: Brisbane

Registered: 2006-03-24

Posts: 322

Website

Re: Now I'm really confused? [mystery solved]

wtf? that cant be right...

That's exactly my feelings, maybe some lowlife change my OS while I was asleep or I've died and gone to HELL

---

"When once you have tasted flight, you will forever walk the earth with your eyes turned skyward, for there you have been, and there you will always long to return."

aRcHaTe

Member

Registered: 2006-10-24

Posts: 646

Re: Now I'm really confused? [mystery solved]

lool to be or not to be bones....errr.bones....maybe the first one..the lowlife...there is many aplications to protect your computer....clean all the shit or reinstall...run rkhunter or other hunter for rootkits..

Last edited by sickhate (2007-02-19 08:30:28)

---

Its a sick world we live in....

bones

Member

From: Brisbane

Registered: 2006-03-24

Posts: 322

Website

Re: Now I'm really confused? [mystery solved]

Run chkrootkit and rkhunter
Behind firewall
Check logs
No ports open that shouldn't be.

Everything seems normal with nothing out of place, in fact this system is nearly invisable to the outside world, Can' even see this box from my other computer.I'll have a look at my router logs and see if they show anything cause I'm not looking forward to a reinstall but if I can't find anything I suppose I'll have to

---

"When once you have tasted flight, you will forever walk the earth with your eyes turned skyward, for there you have been, and there you will always long to return."

bzklrm

Member

From: Australia

Registered: 2005-04-18

Posts: 36

Re: Now I'm really confused? [mystery solved]

hmmmm....

>sudo nmap -A -T4 localhost
...
Running: Linux 2.6.X
OS details: Linux 2.6.17-10.33 (Ubuntu)

\Weird...

noriko

Member

From: In My Mind

Registered: 2006-06-09

Posts: 535

Website

Re: Now I'm really confused? [mystery solved]

[root@luxbox ~]# nmap -A -T4 localhost

Starting Nmap 4.20 ( http://insecure.org ) at 2007-02-19 11:09 GMT
Interesting ports on luxbox (127.0.0.1):
Not shown: 1696 closed ports
PORT   STATE SERVICE VERSION
80/tcp open  http    Apache httpd
No exact OS matches for host (If you know what OS is running on it, see http://insecure.org/nmap/submit/ ).
...

it's likely a misread state or something...
i think it aimes to out put he same as `uname -a` ; i'd check that for weirdness...

---

The.Revolution.Is.Coming - - To fight, To hunger, To Resist!

bones

Member

From: Brisbane

Registered: 2006-03-24

Posts: 322

Website

Re: Now I'm really confused? [mystery solved]

HA maybe we've all been hacked. We'll check with insecure.org and see what I can find out, maybe someone there knows what causes this. My other computer with Arch gets the same results and thats only connected during updates. That's just a spare machine that the kids use to play games, and for me to play with other distros. Hell the damn thing even has windows 3.1 runing on it also.

uname -a shows
Linux jaguar 2.6.20-ARCH #1 SMP PREEMPT Sat Feb 17 16:59:09 CET 2007 i686 Intel(R) Celeron(R) CPU 1.70GHz GenuineIntel GNU/Linux

Last edited by bones (2007-02-19 11:33:11)

---

"When once you have tasted flight, you will forever walk the earth with your eyes turned skyward, for there you have been, and there you will always long to return."

Bebo

Member

From: Göteborg, Sweden

Registered: 2006-06-07

Posts: 207

Re: Now I'm really confused? [mystery solved]

I'm pretty sure that the OS info that nmap prints out is obtained by OS fingerprinting; it looks at the packets it receives during a port scan and tries to guess what OS is running on the scanned computer. Of course that can go badly if it hasn't got proper fingerprints for a specific OS. Also, the fingerprints might overlap, which makes it even harder.

<EDIT>
Ah, yes, the -A option enables "OS detection", i.e. OS fingerprinting. So now I'm not only "pretty sure", but quite certain
</EDIT>

Last edited by Bebo (2007-02-19 13:36:48)

phrakture

Arch Overlord

From: behind you

Registered: 2003-10-29

Posts: 7,879

Website

Re: Now I'm really confused? [mystery solved]

nmap uses an "OS fingerprint" to try and detect your OS.  I submitted an archlinux fingerprint to insecure.org a few minutes ago, so we'll see where this goes.

For the record, my output contained:

No exact OS matches for host (If you know what OS is running on it, see http://insecure.org/nmap/submit/ ).

---

http://phraktured.net

dtw

Forum Fellow

From: UK

Registered: 2004-08-03

Posts: 4,439

Website

Re: Now I'm really confused? [mystery solved]

It's certainly not hackers anyway...

bones

Member

From: Brisbane

Registered: 2006-03-24

Posts: 322

Website

Re: Now I'm really confused? [mystery solved]

It's certainly not hackers anyway...

I figured that after doing some research, An OS fingerprint and details were sent to the devs so it can be put into their OS fingerprint db

---

"When once you have tasted flight, you will forever walk the earth with your eyes turned skyward, for there you have been, and there you will always long to return."