Nmap Development mailing list archives

Re: Nessus's Nmap competitor


From: "DePriest, Jason R." <jrdepriest () gmail com>
Date: Tue, 2 Sep 2008 19:56:39 -0500

On Tue, Sep 2, 2008 at 3:49 PM, Arturo 'Buanzo' Busleiman <> wrote:

Fyodor wrote:
Some of these we have, but others we don't (or perhaps not as well).
Having application-level OS detection checks in addition to stack
fingerprinting is useful, because it helps understand cases such as
port forwarding/DNAT where a load balancer or firewall might forward
certain ports to completely different systems.  As that OS detection
blog entry is more than a year old, there might be other
os_fingerprint_* plugins by now.

I always liked "my" idea of doing OS Fingerprinting based on port-grouping using QSCAN.

I'd really like to see something like it already integrated into nmap. It has helped me a lot when
used manually to get better OS detections (when systems are not behind packet-mangling
routers/nats). (http://osdir.com/ml/security.nmap.devel/2006-12/msg00124.html)

--
Arturo "Buanzo" Busleiman
Independent Linux and Security Consultant - SANS - OISSG - OWASP
http://www.buanzo.com.ar/pro/eng.html
Mailing List Archives at http://archiver.mailfighter.net


Sorry to hijack, but I had questions about this idea.

How useful is port grouping based fingerprinting for something other
than Windows?

The available ports for other OSes are pretty dynamic and depend
almost entirely on what applications the end-user decides to install.

Also since getting rid of native NetBIOS, the only port you'll always
find for Windows is 445.

I'm asking because I've always thought this was a good idea, too.  We
need to take into account the combination of ports open on a host and
not just what the individual ports have to say.

I'd hoped someone with more skills would build a host NSE script for it.

-Jason
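To make the "combination of ports, not individual ports" point concrete, here is an added example that is not code from this thread or from nmap. It is written in Python as a post-processor for nmap's -oX output rather than as the NSE host script Jason asks for; the port groups, their "core" ports and the sample scan are all hypothetical, constructed for the example.

```python
import xml.etree.ElementTree as ET

# Hypothetical port groups for this example (an assumption, not nmap's data):
# all "core" ports must be open for a group to count at all.
PORT_GROUPS = {
    "Windows, NetBIOS era": {"ports": {135, 139, 445, 3389}, "core": {445}},
    "Windows, SMB-only":    {"ports": {445, 3389, 5985},     "core": {445}},
    "Unix NFS server":      {"ports": {22, 111, 2049},       "core": {111, 2049}},
    "Unix mail host":       {"ports": {22, 25, 143, 993},    "core": {25}},
}
# Constructed sample of nmap -oX output, trimmed to the elements used here.
SAMPLE_XML = """<nmaprun>
<host><address addr="192.0.2.10" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="135"><state state="open"/></port>
<port protocol="tcp" portid="139"><state state="open"/></port>
<port protocol="tcp" portid="445"><state state="open"/></port>
<port protocol="tcp" portid="3389"><state state="open"/></port>
<port protocol="tcp" portid="80"><state state="filtered"/></port>
</ports></host>
<host><address addr="192.0.2.20" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="22"><state state="open"/></port>
<port protocol="tcp" portid="80"><state state="open"/></port>
</ports></host>
<host><address addr="192.0.2.30" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="445"><state state="open"/></port>
</ports></host>
</nmaprun>"""

def open_tcp_ports(nmap_xml):
    """Map each host address to its set of open TCP ports from nmap -oX output."""
    hosts = {}
    for host in ET.fromstring(nmap_xml).iter("host"):
        addr = host.find("address").get("addr")
        hosts[addr] = {
            int(p.get("portid"))
            for p in host.iter("port")
            if p.get("protocol") == "tcp" and p.find("state").get("state") == "open"
        }
    return hosts

def port_group_hints(ports):
    """Score groups by the combination of open ports: a group needs every core
    port plus at least two matches, so a lone 445 or 22 yields no hint."""
    hints = []
    for name, group in PORT_GROUPS.items():
        matched = ports & group["ports"]
        if group["core"] <= ports and len(matched) >= 2:
            hints.append((name, round(len(matched) / len(group["ports"]), 2)))
    return sorted(hints, key=lambda h: h[1], reverse=True)
```

Run over the sample, the first host gets a strong Windows hint, while the host showing only 22/80 and the host showing only 445 get none, which is exactly the caveat about dynamic ports on non-Windows systems and 445 being the only constant on Windows.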

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

