Nmap Development mailing list archives
OS guessing suggestion
From: "Ray Bero" <ray () nameintel com>
Date: Sun, 3 Aug 2003 13:44:40 -0700
Hello,

I'm new to the list and hope this hasn't been covered. I'm currently working on a project to use nmap's excellent OS detection functionality to determine the OS of web servers. I have added a little code to enforce only using fingerprints that are marked 'general purpose' as the rest don't usually apply to web servers. I was hoping to decrease the number of top tying accuracy scores I was getting. Although this removes most of the noise guesses (when dealing strictly with www server OS detection), I think there is an easy way to do one better.

Here is an example of an OS detection with multiple guesses...

./nmap -O -n -P0 -p80 -sT www.colt.com

Starting nmap 3.30 ( http://www.insecure.org/nmap/ ) at 2003-08-03 13:09 PDT
Warning: OS detection will be MUCH less reliable because we did not find at least 1 open and 1 closed TCP port
Interesting ports on 209.35.183.201:
Port       State       Service
80/tcp     open        http
Device type: general purpose
Running (JUST GUESSING) : IBM AIX 4.X (85%), Microsoft Windows 2003/.NET|NT/2K/XP (85%)
Aggressive OS guesses: IBM AIX 4.3.2.0-4.3.3.0 on an IBM RS/* (85%), Microsoft Windows Server 2003 (85%), Microsoft Windows 2000 SP3 (85%)
No exact OS matches for host (test conditions non-ideal).

Nmap run completed -- 1 IP address (1 host up) scanned in 8.290 seconds

I'm fairly certain that www.colt.com is running on a Windows server (http://uptime.netcraft.com/up/graph?site=www.colt.com).

My suggestion would be that the various classes have a small bonus (or penalty) applied to the top tying accuracy score guesses. These bonuses or penalties would be set based on the statistics that one OS is installed more than another. In my example above, I believe that this approach would nudge MS Windows above IBM AIX. In the case that there is a tie for the top guess, I think this would only help improve accuracy.

Does anyone have any idea where I could get good stats on the install base counts of the general purpose OSes? Netcraft didn't really have this information in the level of detail that I was hoping for. At least not directly publicly available.

Thanks for any help or info you can pass my way.

Ray
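The tie-breaking idea suggested in the message above, as an added Python example that is not part of the original post or of nmap's code. The function names are hypothetical and the ASSUMED_PRIOR weights are constructed placeholders, not real install-base statistics; the bonus is kept below one percentage point so it can only reorder guesses whose scores tie.

```python
import re

# Constructed placeholder weights, NOT real install-base statistics (assumption).
ASSUMED_PRIOR = {"Microsoft Windows": 0.6, "IBM AIX": 0.1}

# The "Aggressive OS guesses" line from the scan output quoted in the post.
SAMPLE = ("Aggressive OS guesses: IBM AIX 4.3.2.0-4.3.3.0 on an IBM RS/* (85%), "
          "Microsoft Windows Server 2003 (85%), Microsoft Windows 2000 SP3 (85%)")

GUESS_RE = re.compile(r"\s*(.+?)\s*\((\d+)%\)\s*$")


def parse_guesses(line):
    """Parse an 'Aggressive OS guesses:' line into [(name, percent), ...]."""
    body = line.split(":", 1)[1]
    guesses = []
    # Split only on commas that directly follow "(NN%)", so a comma inside
    # an OS name does not break the entry apart.
    for part in re.split(r"(?<=%\)),", body):
        m = GUESS_RE.match(part)
        if m:
            guesses.append((m.group(1), int(m.group(2))))
    return guesses


def prior_for(name, priors):
    """Weight of the longest family prefix matching name; 0.0 if none match."""
    hits = [fam for fam in priors if name.startswith(fam)]
    return priors[max(hits, key=len)] if hits else 0.0


def rank(guesses, priors=ASSUMED_PRIOR, max_bonus=0.5):
    """Sort by score plus a bonus in [0, max_bonus].

    nmap prints integer percentages, so a bonus below 1 can never lift a
    guess over one with a genuinely higher score; it only reorders ties.
    Guesses still tied afterwards keep nmap's original order.
    """
    top = max(priors.values(), default=1.0) or 1.0

    def key(item):
        idx, (name, pct) = item
        return (-(pct + max_bonus * prior_for(name, priors) / top), idx)

    return [g for _, g in sorted(enumerate(guesses), key=key)]
```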