Nmap Development mailing list archives
OS detection in poor conditions
From: Andrew Johnston <ahjohnston25 () gmail com>
Date: Tue, 10 Nov 2009 22:56:41 -0500
Hello- I noticed throughout my scans that whenever a machine's OS seems to be unknown, Nmap reports it as a firewall running ZyXEL ZyNOS or Prestige. I would understand if the scan was close enough (like if it was a ZyXEL router), but a lot of times it seems to be way off. As an example, I have provided a scan. # Nmap 5.00 scan initiated Tue Nov 10 22:51:33 2009 as: nmap -O -oN example.txt -PN fake.domain Interesting ports on fake.domain (192.168.1.1) Not shown: 923 closed ports, 69 filtered ports PORT STATE SERVICE 22/tcp open ssh 53/tcp open domain 80/tcp open http 110/tcp open pop3 143/tcp open imap 443/tcp open https 995/tcp open pop3s 3306/tcp open mysql Device type: firewall Running: ZyXEL ZyNOS 3.X OS details: ZyXEL ZyWALL 2 or Prestige 660HW-61 ADSL router (ZyNOS 3.62) OS detection performed. Please report any incorrect results at http://nmap.org/submit/ . # Nmap done at Tue Nov 10 22:52:58 2009 -- 1 IP address (1 host up) scanned in 86.14 seconds Of course, I removed any sensitive information. But I know the device is not actually a ZyXEL firewall, but a Red Hat 9 server. Is this a type of default that I can disable? It has been messing me up. Thanks in advance. -- Andrew Johnston _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- OS detection in poor conditions Andrew Johnston (Nov 11)
- Re: OS detection in poor conditions David Fifield (Nov 11)