Nmap Development mailing list archives
Re: NMAP Patch to change OS/390 to z/OS in banner scan
From: David Fifield <david () bamsoftware com>
Date: Sun, 23 Sep 2012 21:27:16 -0700
On Sun, Sep 23, 2012 at 09:00:04PM -0700, Main Framed wrote:
This is my first NMAP patch so I apologize if I'm not following protocol. I'm following the instructions from https://svn.nmap.org/nmap/HACKING. It's a very minor change to nmap-service-probes to replace "OS/390" with "z/OS". As you can read here (http://en.wikipedia.org/wiki/OS/390) OS/390 ended support in 2004 and replaced the OS with z/OS.
Hello, thank you for making this patch. You did it the right way, don't worry. We usually don't like to just change the OS on fingerprints like this. One reason is that, if a fingerprint matches OS/390, it will continue to match any OS/390 machines that are still running. Another reason is that we don't know that the fingerprint for the z/OS version of telnet, say, has the same fingerprint. If we change the OS on the old signatures, we lose the potential ability to distinguish the two different versions of the OS. The best way to make changes like this is to do an actual scan of a z/OS machine, and then submit a fingerprint or correction to http://nmap.org/submit. If it turns out that the fingerprint is the same, then we would write "OS/390 or z/OS" instead of choosing one of them. One thing you can do to help out is add CPE entries for our OS/390 and z/OS fingerprints. What this means is looking at http://static.nvd.nist.gov/feeds/xml/cpe/dictionary/official-cpe-dictionary_v2.2.xml and finding the best match for the OS, and then adding a cpe: template to the match line, like this existing one: cpe:|o:ibm:z/os| If you do this, make sure you have the absolute latest version of the fingerprints file from SVN, or else it is more difficult to merge the patch. David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- NMAP Patch to change OS/390 to z/OS in banner scan Main Framed (Sep 23)
- Re: NMAP Patch to change OS/390 to z/OS in banner scan David Fifield (Sep 23)