Nmap Development mailing list archives
Re: Other useless OS detection tests?
From: Fyodor <fyodor () insecure org>
Date: Fri, 13 Mar 2009 12:23:28 -0700
On Fri, Mar 13, 2009 at 09:10:11AM -0400, Thomas Tavaris J (Tavaris) wrote:
> L. Greenwald and T. Thomas, "Toward Undetected Operating System Fingerprinting," Proceedings of the First USENIX Workshop on Offensive Technologies (WOOT '07), Boston, MA, August 6, 2007.
And here is a link to the paper, for folks who haven't read it yet:

http://www.usenix.org/events/woot07/tech/full_papers/greenwald/greenwald.pdf

The paper analyzes Nmap 4.21ALPHA4. So it is looking at the 2nd generation OS detection system, but the DB only contained 417 fingerprints then, vs. 1,761 now. The paper only studied the TCP probes, because "(1) they are more easily blocked by defensive devices, and (2) our information gain evaluation reveals that they are of marginal value."
> Granted this was on an earlier version of Nmap so I reran our code recently on the signature database of Nmap 4.76 and the results were similar. (have not published these yet)
Please let us know on the list when you can share the new results! If you haven't gone far beyond rerunning the code yet, you might want to use a newer version of Nmap instead. Nmap 4.76 had 1,503 signatures in the DB, and we've (by which I mean mostly David's hard work, plus hundreds of people who submitted signatures) already increased that by 17% to 1,761 in 4.85BETA3.

Cheers,
-F

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org