Re: [nmap-svn] r32464 - nmap

[Jacek Wielemborek <wielemborekj1 () gmail com>]

2013/10/23  <commit-mailer () nmap org>:
> Author: d33tah
> Date: Wed Oct 23 21:26:51 2013
> New Revision: 32464
>
> Log:
> Reverting r32462 - Fyodor says it needs some investigation on how the W0 actually appeared here.
>
>
> Modified:
>    nmap/nmap-os-db
>
> Modified: nmap/nmap-os-db
> ==============================================================================
> --- nmap/nmap-os-db     (original)
> +++ nmap/nmap-os-db     Wed Oct 23 21:26:51 2013
> @@ -59929,7 +59929,7 @@
>  CPE cpe:/o:microsoft:windows_xp::sp3
>  SEQ(SP=101-10B%GCD=1-6%ISR=104-10E%II=I%TS=U)
>  
> OPS(O1=M4ECNW0NNS|M4ECNW3NNS%O2=M4ECNW0NNS|M4ECNW3NNS%O3=M4ECNW0|M4ECNW3%O4=M4ECNW0NNS|M4ECNW3NNS%O5=M4ECNW0NNS|M4ECNW3NNS%O6=M4ECNNS)
> -WIN(W1=FFFF%W2=FFFF%W3=FFFF%W4=FFFF%W5=FFFF%W6=FFFF)
> +WIN(W1=FFFF%W2=FFFF%W0|W3=FFFF%W4=FFFF%W5=FFFF%W6=FFFF)
>  ECN(R=Y%DF=Y%T=3B-45%TG=40%W=FFFF%O=M4ECNW0NNS|M4ECNW3NNS%CC=N%Q=)
>  T1(R=Y%DF=Y%T=3B-45%TG=40%S=O%A=S+%F=AS%RD=0%Q=)
>  T2(R=Y%DF=N%T=3B-45%TG=40%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=)
>
> _______________________________________________
> Sent through the svn mailing list
> http://nmap.org/mailman/listinfo/svn

While building my own nmap-os-db parser, I noticed that there are WIN
tests not mentioned in MatchPoints. The first one I spotted was W0 for
Windows XP, but then I noticed there are also bogus W7, W8 and W9.

I talked to Fyodor about this and he suggested that it might be a bug
in either the Nmap integration software or some probe numbering bug
related to retransmissions. He also noticed that the bogus tests
appeared in r30038 and the diff shows that these lines got replaced in
an already existing fingerprint. This might be worth investigating.
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/