Nmap Development mailing list archives
IPv6 Fingerprint integration highlights
From: Daniel Miller <bonsaiviking () gmail com>
Date: Thu, 10 Mar 2016 13:44:52 -0600
Only 12 IPv6 fingerprint submissions this quarter, though I managed to gather a few extra OS X fingerprints myself. We added 3 new groups (classifications), up to 96 in total, and strengthened or expanded several existing groups. -group OpenBSD 5.3 +group OpenBSD 5.3 - 5.8 Expanded OpenBSD matching to include version 5.8 +group IBM i 7.2 EBCDIC and IPv6? Yes, indeed! -group Apple Mac OS X 10.6.8 - 10.9.5 (Snow Leopard - Mavericks) or iOS 4.3.3 - 6.1.3 (Darwin 10.8.0 - 13.4.0) +group Apple Mac OS X 10.6.8 - 10.7 (Snow Leopard - Lion) or iOS 4.3.3 (Darwin 10.8.0 - 11.3.0) -group Apple Mac OS X 10.10 (Yosemite) (Darwin 14.0.0 - 14.3.0) +group Apple Mac OS X 10.9 (Mavericks) - 10.11 (El Capitan) or iOS 6 - 9.1 (Darwin 13.0.0 - 15.3.0) By rearranging prints, we were able to distinguish a bit better between OS X versions. The TCP_WSCALE feature is a strong distinguisher, but the engine is having trouble noticing it, probably because of a lack of observations (submissions) relative to other stronger groups. We are looking into ways of remedying this so that we can split the group and distinguish individual versions again. +group Apple Mac OS X 10.10 (Yosemite) - 10.11 (El Capitan) (Darwin 14.0.0 - 15.3.0) +group Apple Mac OS X 10.9 (Mavericks) (Darwin 13.4.0) Two new groups for localhost scans on OS X. Happy scanning, and please remember to submit IPv6 fingerprints and corrections! Dan
_______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- IPv6 Fingerprint integration highlights Daniel Miller (Mar 10)