wierd ones

SephStormSephStorm Member Posts: 1,732
So theoretically, I was checking devices on my network at work today, and discovered a few unknown devices.

So I pinged them, they were up, I typed in the IP addresses to see if they were printers, or other devices with web interfaces, no luck, and finally I telnet-ed to them.

Some of the devices came up with messages I cant remember all of it, but it mentioed switch and ios so I assume these are cisco switches, but I didnt recieve a login prompt or the "User Access Verification Banner. Maybe a different company that uses an "ios"

One device, and here is the weird one, came up with a blank black screen with a small rectangle and the word "login" in the center of the screen... No banner or nothing...

Any ideas on what these devices could be?

Comments

  • networker050184networker050184 Mod Posts: 11,962 Mod
    Get the MAC and you can at least narrow down the vendor and go from there.
    An expert is a man who has made all the mistakes which can be made.
  • AhriakinAhriakin SupremeNetworkOverlord Member Posts: 1,800 ■■■■■■■■□□
    Have you run an IP fingerprint (e.g. NMAP)?
    We responded to the Year 2000 issue with "Y2K" solutions...isn't this the kind of thinking that got us into trouble in the first place?
  • SephStormSephStorm Member Posts: 1,732
    well due to separation of duties and restrictions on software we can install and run on our systems, nmap I believe is off the table... I know we have AngryIP Scanner, I dont know if it can provide the info.

    you guys should have been there, the look on my face when I saw that login prompt had to have been priceless...
  • cyberguyprcyberguypr Senior Member Mod Posts: 6,909 Mod
    If there's DHCP through AD (and you ave access to it) you could check for reservations for those specific addresses. Next step for me would be checking documentation.
  • veritas_libertasveritas_libertas CISSP, GIAC x5, CompTIA x5 Greenville, SC USAMember Posts: 5,735 ■■■■■■■■■■
    SephStorm wrote: »
    well due to separation of duties and restrictions on software we can install and run on our systems, nmap I believe is off the table... I know we have AngryIP Scanner, I dont know if it can provide the info.

    you guys should have been there, the look on my face when I saw that login prompt had to have been priceless...

    Actually you can get more information than you would think with AngryIP:
    As a rule, user provides a list of IP addresses to the scanner with the goal of sequentially probing all of them and gathering interesting information about each address as well as overall statistics. The gathered information may include the following:
    • whether the host is up (alive, responding) or down (dead, not responding)
    • average roundtrip time (of IP packets to the destination address and back) – the same value as shown by the ping program
    • TTL (time to live) field value from the IP packet header, which can be used to find out the rough distance to the destination address (in number of routers the packet has traveled)
    • host and domain name (by using a DNS reverse lookup)
    • versions of particular services running on the host (e.g., “Apache 2.0.32 (Linux 2.6.9)” in case of a web server)
    • open (responding) and filtered TCP and UDP port numbers
    • ... and much more

    Angry IP Scanner : Documentation - IP and Port Scanner Tool for Analyzing Networks
    Currently working on: Linux and Python
  • SephStormSephStorm Member Posts: 1,732
    Thanks V!

    @cyberguy, I dont know how they implement DHCP, but I'll find out. I know many of our end user workstations are DHCP, but I know that most other devices that we set up are static.... the problem with really large companies it that you cave various IT departments.
  • SephStormSephStorm Member Posts: 1,732
    So remember the wierd prompt that I mentioned, I showed it to a buddy who went to the same school I went to, we both thought it looked familiar.

    Turns out that we had a Solaris class back in school, and we used to remote into the instuctors machine. It was a solaris system. We just have no idea why there is a Solaris system on our segment of the network. Anyone know any network devices based in solaris?
  • MickQMickQ Member Posts: 628 ■■■■□□□□□□
    Possible rogue or an abandoned lab project?
  • SephStormSephStorm Member Posts: 1,732
    quite possible. I am out of the office for a while, but the IAM said he was going to have some people look into it.
  • colemiccolemic Member Posts: 1,568 ■■■■■■■□□□
    You could also turn off the port and see who complains... what about wireshark to see what kind of traffic it is sending/receiving?
    Working on: CCSP, definitely, maybe. On the twitters: @mcole1008
  • cleveohcleveoh Member Posts: 38 ■■□□□□□□□□
    "One device, and here is the weird one, came up with a blank black screen with a small rectangle and the word "login" in the center of the screen... No banner or nothing..."

    Sounds like it could be an Adtran 550 or 800, the default password is "password" with no user name.
Sign In or Register to comment.