# Identifying Freebsd PCs on the public network.



## fbsd1 (May 31, 2010)

Is there any way to locate Freebsd PCs on the public Internet?

Sure there are bots that roll through the ip address ranges doing post scans.

But what would a port scan have to look for to identify a Freebsd system?

Is there some thing other than port scanning to do this?

I looking to generate a rough number to compare to bsdstats website.


----------



## gilinko (May 31, 2010)

I would say that any type of port scan over large ranges of IP's will in some way lead you to a hefty fine and most definitely your ISP will cut you off. To avoid that you will need a botnet, and then it will most likely lead to your head being detached from your body by me 

But in all reality, any information from a portscan would be useless to gain information about how large the installed base of FreeBSD is when you simply take into account the number of firewalls that is in front of most systems. Also I'm not sure you can gain any knowledge about what type of OS is used from a "simple" scan. In my case (if you could get that information) you would see one install of NetBSD, but not the ~60 FreeBSD servers behind it.

To gain more reliable statistics I would actually talk to the FreeBSD core team and put together information from the freebsd-update servers and cvs server on how many different clients access them from their access logs.


----------



## aragon (May 31, 2010)

pf's OS fingerprinting feature might be helpful...


----------



## SirDice (May 31, 2010)

As far as I'm aware there isn't a country in the world that made portscanning illegal. security/nmap is probably the best tool for the job. It has some nice target OS detecting features. There's also a thing called banner grabbing. Enough tricks to scan the internet to your heart's content. You can even leverage google. 

Now, it may not be illegal, it's still frowned upon. Repeated (port) scanning of the same hosts could result in an abuse email to your internet provider. They might decide you are breaching their terms of service and cut you off.


----------

