Nmap Development mailing list archives

Re: Other useless OS detection tests?


From: David Fifield <david () bamsoftware com>
Date: Fri, 27 Mar 2009 17:12:33 -0600

On Thu, Mar 12, 2009 at 04:12:39PM -0600, David Fifield wrote:
On Thu, Mar 12, 2009 at 03:33:36PM -0600, David Fifield wrote:
Fyodor noticed that every single reference fingerprint in nmap-os-db
that had a result of the IE.DLI test had the value S.

I read in the TODO:

  o Are there other "useless" tests in nmap-os-db?  It is worth
    checking, IMHO.

I wrote a script to measure how much each OS detection test varies in
nmap-os-db. It ranks each test by the number of distinct values it takes
on. The results are attached. You can ignore the *.R tests; they only
take on two values so they can't get very diverse.

The only potentially "useless" tests are IE.DLI, IE.SI, and U1.RUL. As
you can see, IE.DLI and IE.SI only ever take on one value, and U1.RUL
was 0 only 1 time out of 1658.

IE.DLI=S     1656

IE.SI=S      1655

U1.RUL=G     1657
U1.RUL=0     1

I removed these three tests from OS fingerprints. In this case the only
benefit of doing that is shorter prints, because the tests were matching
nearly 100% of the time anyway.

I also removed U1.TOS and IE.TOSI, which have been disabled with
MatchPoints of 0 since 4.85BETA1.
http://seclists.org/nmap-dev/2008/q4/0346.html

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
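
The kind of tally the message describes (counting, for each test, the values it takes across the reference fingerprints and ranking tests by how many distinct values appear), as an added example that is not David Fifield's script or part of the original post. The sample database text is constructed in the nmap-os-db line format, and the names `tally`, `rank` and `near_constant` are hypothetical; values are counted as raw strings, so a range or `|` alternative counts as one value.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the nmap-os-db line format (not real database entries).
SAMPLE_DB = """\
MatchPoints
IE(DFI=40%T=15%CD=100%SI=100%DLI=100)

Fingerprint Example OS A
Class ExampleVendor | ExampleOS | 1.X | general purpose
IE(R=Y%DFI=N%T=40%CD=S%SI=S%DLI=S)
U1(R=Y%DF=N%T=40%RUL=G)

Fingerprint Example OS B
IE(R=Y%DFI=S%T=80%CD=Z%SI=S%DLI=S)
U1(R=Y%DF=N%T=FF%RUL=0)

Fingerprint Example OS C
IE(R=N)
U1(R=Y%DF=Y%T=40|80%RUL=G)
"""

LINE_RE = re.compile(r"^([A-Z0-9]+)\((.*)\)$")  # e.g. IE(R=Y%DFI=N)

def tally(db_text):
    """Map 'LINE.TEST' -> Counter of raw value strings seen in fingerprints."""
    counts = defaultdict(Counter)
    in_fingerprint = False
    for line in db_text.splitlines():
        line = line.strip()
        if line.startswith("Fingerprint "):
            in_fingerprint = True
        elif not line or line == "MatchPoints":
            in_fingerprint = False  # MatchPoints holds weights, not results
        elif in_fingerprint and (m := LINE_RE.match(line)):
            for pair in filter(None, m.group(2).split("%")):
                test, _, value = pair.partition("=")
                counts[f"{m.group(1)}.{test}"][value] += 1
    return counts

def rank(counts):
    """Least diverse first: (name, number of distinct values, Counter)."""
    return sorted(((n, len(c), c) for n, c in counts.items()),
                  key=lambda r: (r[1], r[0]))

def near_constant(counts, max_minority=1):
    """Non-*.R tests whose non-dominant values occur <= max_minority times."""
    return sorted(n for n, c in counts.items() if not n.endswith(".R")
                  and sum(c.values()) - max(c.values()) <= max_minority)
```

On a database of real size the default `max_minority=1` is the useful setting; on the three-entry sample only `max_minority=0` separates the constant tests from the rest.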

