Nmap Development mailing list archives
IPv6 OS fingerprint integration highlights
From: Daniel Miller <bonsaiviking () gmail com>
Date: Thu, 29 Oct 2015 09:27:23 -0500
As David pointed out in his talk at AISec [1], the IPv6 OS fingerprint engine doesn't get nearly as many submissions. Since April, we received only 9 fingerprint submissions! There are a few reasons this could be:

* People aren't scanning IPv6 systems. Even if you don't have IPv6 set up on your network, you can often talk IPv6 to your LAN neighbors. Try using some of the targets-ipv6-multicast-* NSE scripts to discover interesting things!
* There are relatively fewer IPv6 stacks out there. Every printer, switch, or lightbulb out there speaks IPv4, so we get lots of interesting submissions, but IPv6 submissions are pretty much all for the major desktop and server OSs.
* The IPv6 engine is good at classifying things it hasn't seen before. This means that Nmap is less likely to print a fingerprint and request submission, even when something is different about the print that would cause a mismatch under the IPv4 system. We should investigate printing a submission prompt even when there's a good match if the novelty factor is on the high end.

With that out of the way, here's what actually changed:

We added several features to the classifier which should produce more precise matches:

* Add ICMPV6_TYPE and ICMPV6_CODE features for IPv6 OS detection. http://seclists.org/nmap-dev/2015/q3/232
* Add TCP window/MSS ratio feature for IPv6 OS detection. http://seclists.org/nmap-dev/2015/q2/103

VMware ESXi is no longer classified as ESX Server. This mirrors a change from the IPv4 fingerprint integration.

New fingerprint groups:

* VMware ESXi 6.0.0
* Linux 4.0
* Apple Time Capsule NAS device

And a couple existing groups expanded to match new versions: Linux 3.19 and Darwin 14.3.0.

Happy scanning!
Dan

[1] http://seclists.org/nmap-dev/2015/q4/54