Nmap Development mailing list archives
Re: Nmap 4.20ALPHA2
From: Brandon Enright <bmenrigh () ucsd edu>
Date: Sun, 25 Jun 2006 04:37:58 +0000
On Sat, 2006-06-24 at 21:17 -0700, Fyodor wrote:
OK guys, let's just pretend ALPHA1 never happened :). Here is ALPHA2:
... snip ...
Please let me know if you find any problems with this one! If you can patch the problem, that is best. But even if you can't, just reporting a problem like "doesn't compile on <foo OS>, gives this error" will help us determine what to focus on. Cheers, -F
It looks like the TCP Sequence Prediction has changed significantly. Hosts that were coming back in the "Good luck!" difficultly class with randomish sequences are now classed as Easy/Medium. A Linux 2.4 box that was coming back with: TCP Sequence Prediction: Class=random positive increments Difficulty=1745946 (Good luck!) Now comes back with: TCP Sequence Prediction: Class=random positive increments Difficulty=22 (Easy) A fully patched XP SP2 (no firewall) used to come back: TCP Sequence Prediction: Class=truly random Difficulty=9999999 (Good luck!) But now comes back: TCP Sequence Prediction: Class=truly random Difficulty=255 (Medium) Has the sequence pattern matching improved in some way? I suppose this could be to make headroom for even more unpredictable TCP Sequences. To me "truly random" means impossible, not medium difficulty. I see a couple of comments in red in your fingerprinting methods paper but nothing that would indicate this big a change. Brandon _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev
Current thread:
- Nmap 4.20ALPHA2 Fyodor (Jun 24)
- Re: Nmap 4.20ALPHA2 Brandon Enright (Jun 24)
- Re: Nmap 4.20ALPHA2 Fyodor (Jun 24)
- Re: Nmap 4.20ALPHA2 kx (Jun 24)
- Re: Nmap 4.20ALPHA2 Fyodor (Jun 24)
- Re: Nmap 4.20ALPHA2 Brandon Enright (Jun 24)