Re: fingerprint mix up?

[Fyodor <fyodor () insecure org>]

On Wed, Mar 12, 2008 at 01:56:01PM -0800, Jaime Reza wrote:
> But when I run nmap 4.53 (latest svn with it's database) I get the following
> incorrect matchup..
>
> # Bay Networks BLN-2 Network Router (latest Bay OS as of Feb16'99)
> # Bay Networks ASN Processor revision 9, SE100NM and SFNM modules
> Fingerprint Bay Networks BLN-2 Network Router or ASN Processor revision 9
> Class Bay Networks | embedded || router
> T1(Resp=Y%DF=N%W=200|400%ACK=S++%Flags=AS%Ops=MNNTNW)
> T2(Resp=N)
> T3(Resp=N)
> T4(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
> T5(Resp=N)
> T6(Resp=N)
> T7(Resp=N)
> PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
>
> If I put the Cisco fingerprint into the nmap-os-db file it doesn't pick it
> up in 4.53
>
> Any ideas why this is so?
>
> and why is it misidentifying the Cisco pix as a Bay Networks?

Thanks for your report.  You can't put the 3.75 fingerprint into the
4.53 database, as they use different systems.  As for misidentifying
the pix as Bay networks, we need Nmap output and other information to
determine what is going on.  Would you please submit a correction as
described at
http://nmap.org/osdetect/osdetect-unidentified.html#osdetect-wrong ?

Thanks,
Fyodor

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org