Nmap Development mailing list archives

Re: Nessus's Nmap competitor


From: doug () hcsw org
Date: Wed, 3 Sep 2008 13:21:28 -0700

On Tue, Sep 02, 2008 at 11:18:23PM -0300 or thereabouts, Arturo 'Buanzo' Busleiman wrote:
> DePriest, Jason R. wrote:
>> How useful is port grouping based fingerprinting for something other
>> than Windows?
>
> I wished I had saved logs for this, but I had a situation with two linux servers, different kernel
> versions/distros. The NAT was a linux machine with services, and other ports were forwarded to
> another machine. Port grouping helped narrow down the possibilities to almost exact matchings.

This is a very interesting use of QSCAN, thanks for bringing it up.
You will probably get confusing results at best if you run OS
detection against a host with ports being forwarded to multiple
different machines. I wonder if it would be possible to embed
median round-trip time in the OS fingerprint so that at least
we could try to avoid polluting the DB in such cases. Or maybe
this isn't that big an issue--I have never integrated OS FPs
so I dunno for sure.

Best,

Doug
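
The idea raised in this message, sketched as an added example (not code from the post or from Nmap): group ports by median round-trip time and accept an OS fingerprint only when every probed port falls in one group. The function names, the 2 ms gap threshold and the RTT samples are assumptions constructed for illustration, and a simple gap threshold stands in for whatever statistics QSCAN applies.

```python
from statistics import median

# Constructed sample: per-port RTTs in milliseconds, imitating a NAT box that
# answers 22 and 80 itself and forwards 443 and 8080 to a host behind it.
SAMPLE_RTTS_MS = {
    22: [10.1, 10.4, 9.9, 10.2, 10.0],
    80: [10.3, 10.0, 10.2, 10.5, 10.1],
    443: [14.8, 15.1, 15.0, 14.7, 15.3],
    8080: [15.2, 14.9, 15.0, 15.4, 14.8],
}


def group_ports_by_rtt(rtts_ms, gap_ms=2.0):
    """Cluster ports whose median RTTs sit within gap_ms of the previous one.

    gap_ms is an assumed threshold; tune it to the jitter of the path.
    Ports with no samples are skipped.
    """
    medians = sorted(
        (median(samples), port) for port, samples in rtts_ms.items() if samples
    )
    groups, prev = [], None
    for med, port in medians:
        if prev is None or med - prev > gap_ms:
            groups.append([])  # a jump in median RTT starts a new group
        groups[-1].append(port)
        prev = med
    return [sorted(g) for g in groups]


def fingerprint_is_trustworthy(rtts_ms, probed_ports, gap_ms=2.0):
    """True only if all ports used for OS detection share one RTT group."""
    probed = set(probed_ports)
    if not probed:
        return False
    return any(probed <= set(g) for g in group_ports_by_rtt(rtts_ms, gap_ms))


if __name__ == "__main__":
    print(group_ports_by_rtt(SAMPLE_RTTS_MS))
    # Probes split across the NAT box and the forwarded host: reject.
    print(fingerprint_is_trustworthy(SAMPLE_RTTS_MS, [22, 443]))
    # Probes answered by the same machine: accept.
    print(fingerprint_is_trustworthy(SAMPLE_RTTS_MS, [22, 80]))
```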
