Nmap Development mailing list archives
DH parms fingerprinting, was: Re: IPv4 OS Fingerprint Integration Highlights
From: Frank Bergmann <nmap () tuxad com>
Date: Thu, 24 Nov 2016 19:20:07 +0100
On Thu, Nov 24, 2016 at 09:58:50AM -0600, Daniel Miller wrote: [...] Hello, I'm using Daniel's email as an "anchor" to send an email regarding "fingerprinting" (see below). Short introduction of myself: I subscribed the dev list several weeks (or months) ago. I live in Germany and work with Apple and *nix systems for many years. And I'm not a native english speaker as you might already have noticed. ;-) Now back to "fingerprinting": In the last weeks I discovered that it is sometimes possible to identify software or even hardware (appliances) by just "fingerprinting" the DH parameters. If you make an SSL connection (mostly tested with smtp/starttls) and you get DH parms i.e. with SHA1sum 0de6ac94b35b9a347c85d495d67e6c6f3c79750d then it is haproxy or 7af9dbc91bea633a6769e1dcea63262d2cee4797 for IronPort. And now my question to the list: Do you think that it makes sense to do more research for "DH parms fingerprinting" and maybe extend nmap with scripts for this? regards, Frank _______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- IPv4 OS Fingerprint Integration Highlights Daniel Miller (Nov 24)
- DH parms fingerprinting, was: Re: IPv4 OS Fingerprint Integration Highlights Frank Bergmann (Nov 24)
- Re: DH parms fingerprinting, was: Re: IPv4 OS Fingerprint Integration Highlights Daniel Miller (Nov 24)
- DH parms fingerprinting, was: Re: IPv4 OS Fingerprint Integration Highlights Frank Bergmann (Nov 24)