Re: Honeyd-0.8 wrong respond

[Niels Provos <provos () citi umich edu>]

On Tue, Mar 09, 2004 at 06:25:35PM +0800, wan fat wu wrote:
>   I am now using mhoneyd-0.8. I have started arpd and
> honeyd together in computer A in local network.
> However, when I use nmap to scan the computer A, it
> can response the services that I have started but IT
> CANNOT DETECT THE OS!! What I mean can't detect the OS
> is it replys the fingerprints. I have tested many
> combination but it still gives me the fingerpring.

The following diff solves the problem.  A new release of
Honeyd is coming soon.  Need to find some more time and
polish some of the new features.

Niels.

Index: honeyd.c
===================================================================
RCS file: /cvs/honeyd/honeyd.c,v
retrieving revision 1.187
retrieving revision 1.188
diff -u -r1.187 -r1.188
--- honeyd.c    6 Feb 2004 12:38:10 -0000       1.187
+++ honeyd.c    8 Feb 2004 11:17:07 -0000       1.188
@@ -1601,9 +1605,8 @@
                                 */
                                if (tiflags & (TH_RST|TH_ACK))
                                        goto kill;
+                               tiflags &= ~TH_FIN;
                        }
-
-                       tiflags &= ~TH_FIN;
 
                        /* Just drop the packet */
                        if (flags & TH_RST)