Nmap Development mailing list archives
Re: Other useless OS detection tests?
From: David Fifield <david () bamsoftware com>
Date: Fri, 27 Mar 2009 17:12:33 -0600
On Thu, Mar 12, 2009 at 04:12:39PM -0600, David Fifield wrote:
On Thu, Mar 12, 2009 at 03:33:36PM -0600, David Fifield wrote:Fyodor noticed that every single reference fingerprint in nmap-os-db that had a result of the IE.DLI test had the value S.I read in the TODO: o Are there other "useless" tests in nmap-os-db? It is worth checking, IMHO. I wrote a script to measure how much each OS detection test varies in nmap-os-db. It ranks each test by the number of distinct values it takes on. The results are attached. You can ignore the *.R tests; they only take on two values so they can't get very diverse. The only potentially "useless" tests are IE.DLI, IE.SI, and U1.RUL. As you can see, IE.DLI and IE.SI only ever take on one value, and U1.RUL was 0 only 1 time out of 1658. IE.DLI=S 1656 IE.SI=S 1655 U1.RUL=G 1657 U1.RUL=0 1
I removed these three tests from OS fingerprints. In this case the only benefit of doing that is shorter prints, because the tests were matching nearly 100% of the time anyway. I also removed U1.TOS and IE.TOSI, which have been disabled with MatchPoints of 0 since 4.85BETA1. http://seclists.org/nmap-dev/2008/q4/0346.html David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- IE.DLI OS detection test David Fifield (Mar 12)
- Re: IE.DLI OS detection test Brandon Enright (Mar 12)
- Re: IE.DLI OS detection test ithilgore (Mar 12)
- Other useless OS detection tests? David Fifield (Mar 12)
- RE: Other useless OS detection tests? Thomas Tavaris J (Tavaris) (Mar 13)
- Re: Other useless OS detection tests? Fyodor (Mar 13)
- Re: Other useless OS detection tests? David Fifield (Mar 27)
- RE: Other useless OS detection tests? Thomas Tavaris J (Tavaris) (Mar 13)
- Re: IE.DLI OS detection test Brandon Enright (Mar 12)