Re: IPv6 Hop Limit as feature in FPEngine

[David Fifield <david () bamsoftware com>]

On Mon, Mar 23, 2015 at 06:15:06PM +0100, Alexandru Geana wrote:
> The accuracy per method is as follows:
>     1) using the value without any processing   66.037
>     2) only the scan line                       66.037
>     3) scan line or simple guessing             66.415
>     4) scan line and simple guessing            66.037
>     5) scan line and guessing with error limits 66.037
> It seems that there is not enough data at the moment for this feature to
> have a big impact, but I was curious as to why strategy #3 has a higher
> accuracy. I found out that it all boils down to 6 packets in the group
> "Equinox...", print 1 (of 2) which has have the hop limits set to 1 for
> all probe responses except NS which is 255. The other print of the same
> group has hop limits of responses set to 64 except for NS which is 255
> again.
>
> I believe that my reasoning for the smart guessing method is better
> suited, even if it more complex than the other ones. The fact that it
> places each hop limit in the correct category with a high degree of
> accuracy and discard incorrect values (to be later filled in via
> imputation) should increase accuracy in the long run.

Okay; whatever. It seems like it doesn't matter much, and it's not like
we're locking ourselves into anything. Be sure to add a block comment or
a link to this thread so that a read will understand what's going on
with er_lim.

David Fifield
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/