Nmap Development mailing list archives
fingerprint mix up?
From: "Jaime Reza" <turinreza () gmail com>
Date: Wed, 12 Mar 2008 13:56:01 -0800
Hiya, In nmap 3.75 the following fingerprint is correctly identifying the Cisco Pix firewall i currently am using # Cisco PIX running IOS 6.1(1) - Internal interface # Cisco PIX 520 firewall running PixOS 6.1(3) # Secure PIX Firewall Version 5.2(2) Fingerprint Cisco PIX Firewall (PixOS 5.2 - 6.1) Class Cisco | PIX | 5.X | firewall Class Cisco | PIX | 6.X | firewall TSeq(Class=TR%gcd=<6%IPID=I%TS=U) T1(DF=N%W=1000%ACK=S++%Flags=AS%Ops=M) T2(Resp=Y%DF=N%W=400|800|C00|1000%ACK=S%Flags=AR%Ops=WNMETL) T3(Resp=Y%DF=N%W=400|800|C00|1000%ACK=S++%Flags=UAPR|AS%Ops=WNMETL|M) T4(DF=N%W=400|800|C00|1000%ACK=S%Flags=AR%Ops=WNMETL) T5(DF=N%W=400|800|C00|1000%ACK=S++%Flags=AR%Ops=WNMETL) T6(DF=N%W=400|800|C00|1000%ACK=S%Flags=AR%Ops=WNMETL) T7(DF=N%W=400|800|C00|1000%ACK=S++%Flags=UAPR%Ops=WNMETL) PU(Resp=N) But when I run nmap 4.53 (latest svn with it's database) I get the following incorrect matchup.. # Bay Networks BLN-2 Network Router (latest Bay OS as of Feb16'99) # Bay Networks ASN Processor revision 9, SE100NM and SFNM modules Fingerprint Bay Networks BLN-2 Network Router or ASN Processor revision 9 Class Bay Networks | embedded || router T1(Resp=Y%DF=N%W=200|400%ACK=S++%Flags=AS%Ops=MNNTNW) T2(Resp=N) T3(Resp=N) T4(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=) T5(Resp=N) T6(Resp=N) T7(Resp=N) PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E) If I put the Cisco fingerprint into the nmap-os-db file it doesn't pick it up in 4.53 Any ideas why this is so? and why is it misidentifying the Cisco pix as a Bay Networks? thanks TURINREZA _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- fingerprint mix up? Jaime Reza (Mar 12)
- Re: fingerprint mix up? Fyodor (Mar 12)