Nmap Development mailing list archives
Re: Nmap 4.20ALPHA5: Unable to produce ideal -O2 tests ?
From: Brandon Enright <bmenrigh () ucsd edu>
Date: Fri, 01 Sep 2006 03:54:20 +0000
On Thu, 2006-08-31 at 20:30 -0700, Fyodor wrote:
On Fri, Sep 01, 2006 at 03:18:16AM +0000, Brandon Enright wrote:
...snip...
Oops. We changed the limit (these rules are all in FingerPrintResults.cc OmitSubmissionFP()) from 15 to 10 hops, but forgot to update the message. I just fixed that for the next version. We're worried about problems related to asymetric routing if we take fingerprints from hosts too many hops away. We may relax the rules a bit, but they are currently quite strict to ensure a high quality DB.
Makes sense. Reducing it even further (say 5) would probably force people to only scan networks they have control over and should take odd ISP routing, shaping, and fake RST or SYN/ACK responses out of the picture.
The others machines I've tested (localhost, other machines 1 or 2 hops away) all produce this output: "OS fingerprint not ideal because: maxTimingRatio is greater than 1.4"Interesting. Would you run find an open and a closed port on a target which does that, then run "nmap -p[openport],[closedport] --packet-trace -d -O2 [target]" and send me the output?
Attached is a scan from 192.168.0.100 to 192.168.0.106. I through -n and -P0 in there to reduce the amount of crap you have to look at.
You can change the IPs to "src" and "target". That ought to help me figure out why the timing isn't working right. How many hosts are you scanning at once? Maybe it will work if you scan them one at a time (but I still want to fix it, so if you could still send me a --packet-trace of a problematic run that would be great).
I was only scanning one host each time -- to many variables with more than one. Brandon
Attachment:
sample.txt
Description:
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Nmap 4.20ALPHA5: Unable to produce ideal -O2 tests ? Brandon Enright (Aug 31)
- Re: Nmap 4.20ALPHA5: Unable to produce ideal -O2 tests ? Fyodor (Aug 31)
- Re: Nmap 4.20ALPHA5: Unable to produce ideal -O2 tests ? Brandon Enright (Aug 31)
- Re: Nmap 4.20ALPHA5: Unable to produce ideal -O2 tests ? Fyodor (Sep 02)
- Re: Nmap 4.20ALPHA5: Unable to produce ideal -O2 tests ? Brandon Enright (Sep 02)
- Re: Nmap 4.20ALPHA5: Unable to produce ideal -O2 tests ? Fyodor (Sep 02)
- Re: Nmap 4.20ALPHA5: Unable to produce ideal -O2 tests ? Brandon Enright (Sep 03)
- Re: Nmap 4.20ALPHA5: Unable to produce ideal -O2 tests ? Fyodor (Sep 04)
- Re: Nmap 4.20ALPHA5: Unable to produce ideal -O2 tests ? Brandon Enright (Aug 31)
- Re: Nmap 4.20ALPHA5: Unable to produce ideal -O2 tests ? Fyodor (Aug 31)