Re: OS Fingerprinting Problem

[Fyodor <fyodor () insecure org>]

On Tue, Sep 02, 2008 at 12:48:29PM -0700, net2004eng () yahoo com wrote:
> The only difference here is for "%ISR=4F-51" to "%ISR=4D-51"
> I understand that the ISR accounts for the average rate of increase
> for the returned TCP initial sequence number. I wanted to know what
> can be done to get this included into the next update to nmap. The
> device that was scanned is accurately detected as the Linksys BEFSR41
> Firmware Version: 1.46.02, Aug 03 2003 device.

Hi Matt.  The ISR change did not prevent the match.  The change from
"4F-51" to "4D-51" makes the matching more broad (those are hex number
ranges).  So anything which matched the first one, should match the
2nd.

The difference is probably that Nmap 4.20 still had the 1st generation
system to fall back on, while newer versions don't.  We may need to
improve our 2nd generation fingerprint for this device.

And yes, you CAN help get this system recognized in future versions of
Nmap!  Scan it with "nmap -v -sUT -O -T4" and see if it gives you a
fingerprint and submission URL.  If so, please submit the sucker!  If
not, you may need to scan from a machine on the same network as the
AP.  Nmap is rather picky about when it considers a fingerprint
suitable for submission.

Cheers,
-F


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org