Nmap Announce mailing list archives
Re: Linux 2.0.36 detected as 2.0.35
From: Peter van Dijk <peter () attic vuurwerk nl>
Date: Wed, 16 Dec 1998 22:25:41 +0100
On Wed, Dec 16, 1998 at 02:29:20PM -0600, Mario Camou wrote:
Hi, Just to say, Linux running kernel 2.0.36 is erroneously detected as 2.0.35, here's the fingerprint for 2.0.36: Remote operating system guess: Linux 2.0.35 OS Fingerprint: T1(Resp=Y%DF=N%W=7FE0%ACK=S++%Flags=AS%Ops=ME) T2(Resp=N) T3(Resp=Y%DF=N%W=7FE0%ACK=S++%Flags=ASF%Ops=ME) T4(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=) T5(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=) T6(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=) T7(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=) PU(Resp=Y%DF=N%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E) Here's the fingerprint for a 2.0.35 box: Remote operating system guess: Linux 2.0.35 OS Fingerprint: TSeq(Class=TR) T1(Resp=Y%DF=N%W=7FE0%ACK=S++%Flags=AS%Ops=ME) T2(Resp=N) T3(Resp=Y%DF=N%W=7FE0%ACK=S++%Flags=ASF%Ops=ME) T4(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=) T5(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=) T6(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=) T7(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=) PU(Resp=Y%DF=N%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E) They look the same! What to do then?
They are the same. From what I see here (I have a .35 and .36 which both give this fingerprint) you can't tell the difference. Another point: I found that running nmap -O thru a masquerading firewall is not really reliable :( Greetz, Peter. -- 'I guess anybody who walks away from a root shell at : Peter van Dijk a nerd party gets what they deserve!' -- BillSF :peter () attic vuurwerk nl -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- finger hardbeat () flits104-161 flits rug nl for my public PGP-key - --- - --- - --- - --- - --- - --- - --- - --- - --- -
Current thread:
- HPUX fingerprint Jonathan Scott Duff (Dec 15)
- Re: HPUX fingerprint Evan Brewer (Dec 16)
- Re: HPUX fingerprint Fyodor (Dec 16)
- Re: HPUX fingerprint Max Vision (Dec 16)
- Linux 2.0.36 detected as 2.0.35 Mario Camou (Dec 16)
- Re: Linux 2.0.36 detected as 2.0.35 Lucid Dream (Dec 16)
- Re: Linux 2.0.36 detected as 2.0.35 Mario Camou (Dec 16)
- Re: Linux 2.0.36 detected as 2.0.35 Peter van Dijk (Dec 16)
- Re: Linux 2.0.36 detected as 2.0.35 Fyodor (Dec 19)
- Re: Linux 2.0.36 detected as 2.0.35 Evan Brewer (Dec 16)
- <Possible follow-ups>
- Re: HPUX fingerprint Evan Brewer (Dec 16)