wierd ones

So theoretically, I was checking devices on my network at work today, and discovered a few unknown devices.

So I pinged them, they were up, I typed in the IP addresses to see if they were printers, or other devices with web interfaces, no luck, and finally I telnet-ed to them.

Some of the devices came up with messages I cant remember all of it, but it mentioed switch and ios so I assume these are cisco switches, but I didnt recieve a login prompt or the "User Access Verification Banner. Maybe a different company that uses an "ios"

One device, and here is the weird one, came up with a blank black screen with a small rectangle and the word "login" in the center of the screen... No banner or nothing...

Any ideas on what these devices could be?

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

networker050184

Get the MAC and you can at least narrow down the vendor and go from there.

Ahriakin

Have you run an IP fingerprint (e.g. NMAP)?

Asif Dasl

First impression would be a print server or photocopier.

SephStorm

well due to separation of duties and restrictions on software we can install and run on our systems, nmap I believe is off the table... I know we have AngryIP Scanner, I dont know if it can provide the info.

you guys should have been there, the look on my face when I saw that login prompt had to have been priceless...

cyberguypr

If there's DHCP through AD (and you ave access to it) you could check for reservations for those specific addresses. Next step for me would be checking documentation.

veritas_libertas

SephStorm wrote: »

well due to separation of duties and restrictions on software we can install and run on our systems, nmap I believe is off the table... I know we have AngryIP Scanner, I dont know if it can provide the info.

you guys should have been there, the look on my face when I saw that login prompt had to have been priceless...

Actually you can get more information than you would think with AngryIP:

As a rule, user provides a list of IP addresses to the scanner with the goal of sequentially probing all of them and gathering interesting information about each address as well as overall statistics. The gathered information may include the following:
whether the host is up (alive, responding) or down (dead, not responding)

average roundtrip time (of IP packets to the destination address and back) – the same value as shown by the ping program

TTL (time to live) field value from the IP packet header, which can be used to find out the rough distance to the destination address (in number of routers the packet has traveled)

host and domain name (by using a DNS reverse lookup)

versions of particular services running on the host (e.g., “Apache 2.0.32 (Linux 2.6.9)” in case of a web server)

open (responding) and filtered TCP and UDP port numbers

... and much more

Angry IP Scanner : Documentation - IP and Port Scanner Tool for Analyzing Networks

SephStorm

Thanks V!

@cyberguy, I dont know how they implement DHCP, but I'll find out. I know many of our end user workstations are DHCP, but I know that most other devices that we set up are static.... the problem with really large companies it that you cave various IT departments.

SephStorm

So remember the wierd prompt that I mentioned, I showed it to a buddy who went to the same school I went to, we both thought it looked familiar.

Turns out that we had a Solaris class back in school, and we used to remote into the instuctors machine. It was a solaris system. We just have no idea why there is a Solaris system on our segment of the network. Anyone know any network devices based in solaris?

MickQ

Possible rogue or an abandoned lab project?

SephStorm

quite possible. I am out of the office for a while, but the IAM said he was going to have some people look into it.

colemic

You could also turn off the port and see who complains... what about wireshark to see what kind of traffic it is sending/receiving?

cleveoh

"One device, and here is the weird one, came up with a blank black screen with a small rectangle and the word "login" in the center of the screen... No banner or nothing..."

Sounds like it could be an Adtran 550 or 800, the default password is "password" with no user name.