Nmap Development mailing list archives
Re: Qscan in NSE: qscan.nse
From: Ron <ron () skullsecurity net>
Date: Mon, 22 Mar 2010 18:03:13 -0500
As an enhancement to the whole concept, how difficult would it be to integrate some OS-detection-style tricks? Sample things like:

o Initial TTL
o IPID numbers (zero/incremental/random)
o etc.

Gather those stats, group the hosts that *might* be the same, then do the timing tests on the sub-groups. It seems to me that that'd significantly increase the accuracy.

On Mon, 22 Mar 2010 22:41:20 +0000 jah <jah () zadkiel plus com> wrote:
> On 21/03/2010 17:25, Kris Katterjohn wrote:
> > So these types of tests are the best I can do, but qscan seems to prove itself useful and accurate for me.
>
> Yep, your results look good. I haven't worked out definitively why my results aren't as I'd wished them to be, but I suspect, given that the test machines are VMs on the same host using the same virtual network adapter, that the rtt are never going to differ much more than microseconds - much much less than the std deviation anyway. So actually, barring the odd anomaly, getting all ports showing as the same family is the result I should have been expecting all along.
>
> > > One thing I noticed is that qscan.nse runs against targets when only a single port was specified, I think that if less than two ports are in a testable state then qscan shouldn't run (unless maybe if it was explicitly requested).
> >
> > Good find, but actually this was silently fixed in my last attached script. I forgot to mention it in the email...
>
> Ah, I missed that.
>
> > > Still, once we can be confident of its effectiveness, it's a neat script to have in our arsenal!
> >
> > Great, I'm glad you think so! Maybe my tests above have instilled a little of that confidence in you? :-P Nah, hopefully qscan can do that itself when you get a chance to test outside of VMs.
>
> I might be warming to the idea that the script works properly. Again, nice work Kris.
>
> jah
>
> _______________________________________________
> Sent through the nmap-dev mailing list
> http://cgi.insecure.org/mailman/listinfo/nmap-dev
> Archived at http://seclists.org/nmap-dev/
-- 
Ron Bowes
http://www.skullsecurity.org
http://www.twitter.com/iagox86
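Ron's two-stage idea (cheap header fingerprints first, RTT timing only within the resulting sub-groups) as an added illustration written for this archive page; it is not code from the thread, from qscan.nse or from Nmap, and it is a standalone Python sketch rather than an NSE/Lua script. The initial-TTL rounding, the IPID classifier thresholds, the k-standard-error merge rule and the per-port observations are all constructed assumptions, not qscan's actual statistics. It also encodes jah's point that a bucket with fewer than two ports gets no timing test.

```python
"""Two-stage port/host grouping: header fingerprints first, RTT timing second.

Added illustration of the idea discussed on nmap-dev; not qscan.nse itself.
"""
import statistics
from collections import defaultdict

# Constructed sample observations, one record per scanned port (hypothetical
# values, not real scan output): TTL seen in replies, the IP IDs observed over
# several probes, and RTT samples in milliseconds.
OBSERVATIONS = {
    22:   {"ttl": 61,  "ipids": [1001, 1002, 1003, 1004], "rtts": [10.1, 10.3, 9.9, 10.2, 10.0]},
    80:   {"ttl": 61,  "ipids": [1005, 1006, 1007, 1008], "rtts": [10.2, 10.0, 10.1, 10.3, 10.1]},
    443:  {"ttl": 61,  "ipids": [2000, 2001, 2002, 2003], "rtts": [25.4, 25.1, 25.6, 25.3, 25.2]},
    8080: {"ttl": 125, "ipids": [0, 0, 0, 0],             "rtts": [10.1, 10.2, 10.0, 10.3, 10.1]},
    3306: {"ttl": 125, "ipids": [7, 4811, 22, 9931],      "rtts": [10.2, 10.1, 10.3, 10.0, 10.1]},
}

# Common initial TTL values; an observed TTL is rounded up to the nearest one
# (assumption: fewer than 32 hops between scanner and target).
INITIAL_TTLS = (32, 64, 128, 255)


def guess_initial_ttl(observed_ttl):
    """Round the observed TTL up to the smallest common initial value."""
    for candidate in INITIAL_TTLS:
        if observed_ttl <= candidate:
            return candidate
    return 255


def classify_ipid(ipids):
    """Label an IP ID sequence as 'zero', 'incremental' or 'random'.

    Deltas are taken modulo 2^16 so a wrapping counter still looks incremental.
    The step limit of 10 is an assumed threshold, not Nmap's IPID logic.
    """
    if all(i == 0 for i in ipids):
        return "zero"
    deltas = [(b - a) % 65536 for a, b in zip(ipids, ipids[1:])]
    if deltas and all(0 < d <= 10 for d in deltas):
        return "incremental"
    return "random"


def prefilter(observations):
    """Stage 1: bucket ports by (initial TTL, IPID class).

    Ports in different buckets are assumed to be different hosts and never
    get compared by timing, which removes those pairs from the noisy stage.
    """
    buckets = defaultdict(list)
    for port, obs in observations.items():
        key = (guess_initial_ttl(obs["ttl"]), classify_ipid(obs["ipids"]))
        buckets[key].append(port)
    return dict(buckets)


def timing_families(observations, ports, k=2.0):
    """Stage 2: within one bucket, merge ports whose RTT means lie within
    k standard errors of each other (a simplified qscan-style comparison).

    A bucket with fewer than two ports has nothing to compare, so each
    port is returned as its own family without any statistics.
    """
    if len(ports) < 2:
        return [[p] for p in ports]
    stats = {}
    for p in ports:
        r = observations[p]["rtts"]
        sd = statistics.stdev(r) if len(r) > 1 else 0.0
        stats[p] = (statistics.mean(r), sd, len(r))
    families = []
    for p in sorted(ports):
        for fam in families:
            m1, s1, n1 = stats[fam[0]]   # compare against the family's first member
            m2, s2, n2 = stats[p]
            se = ((s1 ** 2) / n1 + (s2 ** 2) / n2) ** 0.5
            if abs(m1 - m2) <= k * max(se, 1e-9):
                fam.append(p)
                break
        else:
            families.append([p])
    return families


def group_hosts(observations, k=2.0):
    """Run both stages; return (bucket key, port family) pairs."""
    result = []
    for key, ports in prefilter(observations).items():
        for fam in timing_families(observations, ports, k):
            result.append((key, fam))
    return result


if __name__ == "__main__":
    for key, fam in group_hosts(OBSERVATIONS):
        print(f"initial TTL {key[0]}, IPID {key[1]}: ports {fam}")
```

In the constructed data, ports 22, 80 and 443 share a TTL and an incremental IPID counter, so only they reach the timing stage, where 443's much larger RTT separates it from 22 and 80; 8080 and 3306 are split off by the header fingerprints alone. The merge rule also shows jah's VM observation: when RTT differences are tiny relative to the standard error, everything in a bucket collapses into one family, so the prefilter is what keeps such cases from lumping unrelated hosts together.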