Kitz ADSL Broadband Information
adsl spacer  
Support this site
Home Broadband ISPs Tech Routers Wiki Forum
 
     
   Compare ISP   Rate your ISP
   Glossary   Glossary
 
Please login or register.

Login with username, password and session length
Advanced search  

News:

Author Topic: Some Things are Obvious . . .  (Read 2742 times)

burakkucat

  • Respected
  • Senior Kitizen
  • *
  • Posts: 38300
  • Over the Rainbow Bridge
    • The ELRepo Project
Some Things are Obvious . . .
« on: October 18, 2017, 01:06:21 AM »

 . . . others require a little effort.

This follows on from Browni's post to Ixel's ECI Line Card 0xb206 vs 0xd086 thread.

A little while ago a "service fingerprint", resulting from an "nmap" scan, appeared before my eyes --

==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
SF-Port23-TCP:V=5.51%I=7%D=10/14%Time=59E21469%P=x86_64-redhat-linux-gnu%r
SF:(NULL,341,"\xff\xfb\x01\xff\xfb\x03\r\n\r\n\r\n\x20\x20\x20\x20\x20\x20
SF:\x20\x20\x20\x20\x20\x20\x20@@@\x20\x20\x20\x20\x20\x20\x20@@@@@@@@\x20
SF:\x20\x20\x20\x20\x20\x20@@@\x20\x20\x20\x20\x20\x20\x20@@@\x20\x20\x20\
SF:x20\x20\x20\x20@@@\r\n\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20@
SF:@@@@\x20\x20\x20\x20\x20\x20@@@@@@@@@@\x20\x20\x20\x20\x20@@@\x20\x20\x
SF:20\x20\x20\x20\x20@@@\x20\x20\x20\x20\x20\x20@@@@@\r\n\x20\x20\x20\x20\
SF:x20\x20\x20\x20\x20\x20\x20@@@\x20@@@\x20\x20\x20\x20\x20@@@\x20\x20\x2
SF:0\x20\x20@@@\x20\x20\x20\x20@@@\x20\x20\x20\x20\x20\x20\x20@@@\x20\x20\
SF:x20\x20\x20@@@\x20@@@\r\n\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20@@@\x2
SF:0\x20\x20@@@\x20\x20\x20\x20@@@\x20\x20\x20\x20\x20\x20@@@\x20\x20\x20@
SF:@@\x20\x20\x20\x20\x20\x20\x20@@@\x20\x20\x20\x20@@@\x20\x20\x20@@@\r\n
SF:\x20\x20\x20\x20\x20\x20\x20\x20\x20@@@\x20\x20\x20\x20\x20@@@\x20\x20\
SF:x20@@@\x20\x20\x20\x20\x20\x20\x20@@@\x20\x20@@@\x20\x20\x20\x20\x20\x2
SF:0\x20@@@\x20\x20\x20@@@\x20\x20\x20\x20\x20@@@\r\n\x20\x20\x20\x20\x20\
SF:x20\x20\x20@@@\x20\x20\x20\x20\x20\x20\x20@@@\x20\x20@@@\x20\x20\x20\x2
SF:0\x20\x20\x20@@@\x20\x20@@@\x20\x20\x20\x20\x20\x20\x20@@@\x20\x20@@@\x
SF:20\x20\x20\x20\x20\x20\x20@@@\r\n\x20\x20\x20\x20\x20\x20\x20\x20@@@@@@
SF:@@@@@@@\x20\x20@@@\x20\x20\x20\x20\x20\x20\x20@@@\x20\x20\x20@@@\x20\x2
SF:0\x20\x20\x20@@@\x20\x20\x20@@@@@@@@@@@@@\r\n\x20\x20\x20\x20\x20\x20\x
SF:20\x20@@@@@@@@@@@@@\x20\x20@@@\x20\x20\x20\x20\x20\x20@@@\x20\x20\x20\x
SF:20\x20@@@\x20\x20\x20@@@\x20\x20\x20\x20@@@@@@@@@@@@@\r\n\x20\x20\x20\x
SF:20\x20\x20\x20\x20@@@\x20\x20\x20\x20\x20\x20\x20@@@\x20\x20@@@\x20\x20
SF:\x20\x20\x20@@@\x20\x20\x20\x20\x20\x20\x20@@@\x20@@@\x20\x20\x20\x20\x
SF:20@@@\x20\x20\x20\x20\x20\x20\x20@@@\r\n\x20\x20\x20\x20\x20\x20\x20\x2
SF:0@@@\x20\x20\x20\x20\x20\x20\x20@@@\x20\x20@@@@@@@@@@\x20\x20\x20\x20\x
SF:20\x20\x20\x20\x20@@@@@\x20\x20\x20\x20\x20\x20@@@\x20\x20\x20\x20\x20\
SF:x20\x20@@@\r\n\x20\x20\x20\x20\x20\x20\x20\x20@@@\x20\x20\x20\x20\x20\x
SF:20\x20@@@\x20\x20@@@@@@@@\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x
SF:20@@@\x20\x20\x20\x20\x20\x20\x20@@@\x20\x20\x20\x20\x20\x20\x20@@@\r\n
SF:\r\n\x20\x20\x20Copyright\x20\(C\)\x202002-2010\x20ADVA\x20Optical\x20N
SF:etworking\.\x20All\x20rights\x20reserved\.\r\n\r\n\r\n\r\nLogin:");


b*cat thought Hmm  :hmm:  . . . and then laughed.  :D

Why? Because a little manipulation of that stream of bytes shows --

"\xff\xfb\x01\xff\xfb\x03


             @@@       @@@@@@@@       @@@       @@@       @@@
            @@@@@      @@@@@@@@@@     @@@       @@@      @@@@@
           @@@ @@@     @@@     @@@    @@@       @@@     @@@ @@@
          @@@   @@@    @@@      @@@   @@@       @@@    @@@   @@@
         @@@     @@@   @@@       @@@  @@@       @@@   @@@     @@@
        @@@       @@@  @@@       @@@  @@@       @@@  @@@       @@@
        @@@@@@@@@@@@@  @@@       @@@   @@@     @@@   @@@@@@@@@@@@@
        @@@@@@@@@@@@@  @@@      @@@     @@@   @@@    @@@@@@@@@@@@@
        @@@       @@@  @@@     @@@       @@@ @@@     @@@       @@@
        @@@       @@@  @@@@@@@@@@         @@@@@      @@@       @@@
        @@@       @@@  @@@@@@@@            @@@       @@@       @@@

   Copyright (C) 2002-2010 ADVA Optical Networking. All rights reserved.



Login:"


The first thirteen bytes of the "fingerprint" declares "SF-Port23-TCP", so an examination of RFC854 (and its update, RFC5198) will explain the string "\xff\xfb\x01\xff\xfb\x03" (i.e. 0xff 0xfb 0x01 0xff 0xfb 0x03, when laid out nicely for the eye). The rest is just a visual effect before the invitation to "Login".
Logged
:cat:  100% Linux and, previously, Unix. Co-founder of the ELRepo Project.

Please consider making a donation to support the running of this site.

roseway

  • Administrator
  • Senior Kitizen
  • *
  • Posts: 43467
  • Penguins CAN fly
    • DSLstats
Re: Some Things are Obvious . . .
« Reply #1 on: October 18, 2017, 07:17:15 AM »

Amazing detective work  :D
Logged
  Eric

Black Sheep

  • Helpful
  • Addicted Kitizen
  • *
  • Posts: 5717
Re: Some Things are Obvious . . .
« Reply #2 on: October 18, 2017, 07:27:09 AM »

Damned cat ...... beat me to it by 5mins !!!  ;) ;D ;D
Logged

renluop

  • Kitizen
  • ****
  • Posts: 3326
Re: Some Things are Obvious . . .
« Reply #3 on: October 18, 2017, 08:54:30 AM »

All's well! I'm completely lost. No one can call that an alternative fact.  :crazy:
Logged

tickmike

  • Kitizen
  • ****
  • Posts: 3640
  • Yes Another Penguin !. :)
Re: Some Things are Obvious . . .
« Reply #4 on: October 18, 2017, 12:29:54 PM »

Nice one. ;D
Logged
I have a set of 6 fixed IP's From  Eclipse  isp.BT ADSL2(G992.3) line>HG612 as a Modem, Bridge, WAN Not Bound to LAN1 or 2 + Also have FTTP (G.984) No One isp Fixed IP >Dual WAN pfSense (Hardware Firewall and routing).> Two WAN's, Ethernet LAN, DMZ LAN, Zyxel GS1100-24 Switch.

WWWombat

  • Kitizen
  • ****
  • Posts: 1674
Re: Some Things are Obvious . . .
« Reply #5 on: October 18, 2017, 03:40:01 PM »

Just a shame that the RFCs won't then tell you what login id you need!

Was that found on the normal telnet port, or a different one?
Logged

burakkucat

  • Respected
  • Senior Kitizen
  • *
  • Posts: 38300
  • Over the Rainbow Bridge
    • The ELRepo Project
Re: Some Things are Obvious . . .
« Reply #6 on: October 18, 2017, 05:21:01 PM »

Just a shame that the RFCs won't then tell you what login id you need!

Perhaps I should write my own RFC, asking for suggestions.  ;D

Quote
Was that found on the normal telnet port, or a different one?

I refer my learned friend (and kitteh carrier) to the string "SF-Port23-TCP" which declares the standard telnet port number assignment.
Logged
:cat:  100% Linux and, previously, Unix. Co-founder of the ELRepo Project.

Please consider making a donation to support the running of this site.

WWWombat

  • Kitizen
  • ****
  • Posts: 1674
Re: Some Things are Obvious . . .
« Reply #7 on: October 18, 2017, 06:12:12 PM »


Having not done much with nmap before, I wasn't sure if that part reported what it found, or where it found it. Another microsecond of thinking might have provided the answer ....  :paperbag:

Perhaps I should 0xFF 0xFB 0x12
Logged

burakkucat

  • Respected
  • Senior Kitizen
  • *
  • Posts: 38300
  • Over the Rainbow Bridge
    • The ELRepo Project
Re: Some Things are Obvious . . .
« Reply #8 on: October 18, 2017, 06:41:33 PM »

Perhaps I should 0xFF 0xFB 0x12

(IAC) WILL DC2  :-X
Logged
:cat:  100% Linux and, previously, Unix. Co-founder of the ELRepo Project.

Please consider making a donation to support the running of this site.

WWWombat

  • Kitizen
  • ****
  • Posts: 1674
Re: Some Things are Obvious . . .
« Reply #9 on: October 19, 2017, 09:48:23 AM »

Ooh had to search for DC2...
Logged

burakkucat

  • Respected
  • Senior Kitizen
  • *
  • Posts: 38300
  • Over the Rainbow Bridge
    • The ELRepo Project
Re: Some Things are Obvious . . .
« Reply #10 on: October 19, 2017, 06:59:41 PM »

Ooh had to search for DC2...

What else does 0x12 (18dec) (00010010bin) represent?
Logged
:cat:  100% Linux and, previously, Unix. Co-founder of the ELRepo Project.

Please consider making a donation to support the running of this site.

WWWombat

  • Kitizen
  • ****
  • Posts: 1674
Re: Some Things are Obvious . . .
« Reply #11 on: October 19, 2017, 10:20:07 PM »

I thought you were replying with a new message, rather than reflecting. And while I've used ASCII lots, I've never had to get bogged down in the names of the control codes, they've never been even close to the front of my brain! I started looking for 2-byte telnet control codes instead  :-[
Logged
 

anything