Nmap Development mailing list archives
[patch] XP SP2 (firewall enabled) OS fingerprint update
From: Martin Mačok <martin.macok () underground cz>
Date: Wed, 22 Dec 2004 15:05:26 +0100
Today I ran across XP SP2 with TSeq(...TS=0). The tested system is "Version 5.1 Build 2600.xpsp_sp2_rtm.040803-2158" too. Without this patch, nmap tells that the system in question is IBM AIX 4.x or Win2003/.NET. With this patch, it tells that it could also be XP SP2 (firewall enabled). --- nmap-os-fingerprints.orig 2004-12-22 13:19:30.000000000 +0100 +++ nmap-os-fingerprints 2004-12-22 14:52:29.000000000 +0100 @@ -12322,7 +12322,7 @@ # Microsoft Windows XP Pro with SP2 (Version 5.1 Build 2600.xpsp_sp2_rtm.040803-2158 : Service Pack 2) Fingerprint Microsoft Windows XP SP2 (firewall enabled) Class Microsoft | Windows | NT/2K/XP | general purpose -TSeq(Class=TR%gcd=<6%IPID=I%TS=U) +TSeq(Class=TR%gcd=<6%IPID=I%TS=U|0) T1(DF=Y%W=6360|FC94|FFFF%ACK=S++%Flags=AS%Ops=MNWNNT|MNW) T2(Resp=N) T3(Resp=N) Martin Mačok IT Security Consultant --------------------------------------------------------------------- For help using this (nmap-dev) mailing list, send a blank email to nmap-dev-help () insecure org . List archive: http://seclists.org
Current thread:
- [patch] XP SP2 (firewall enabled) OS fingerprint update Martin Mačok (Dec 22)