Nmap Announce mailing list archives

Re: Linux 2.0.36 detected as 2.0.35


From: Fyodor <fyodor () dhp com>
Date: Sat, 19 Dec 1998 20:02:42 -0500 (EST)

On Wed, 16 Dec 1998, Peter van Dijk wrote:

Another point: I found that running nmap -O thru a masquerading firewall is
not really reliable :(

Yeah, this is a good point.  Nmap absolutely depends on being able to pass
traffic onto the network without any machines futzing with/rewriting the
headers (other than TTL, checksum, etc).  It also depends on studying the
replies to rather unexpected queries.  Unfortunately most masquerading/NAT
implementations do futz with the headers and drop responses to unexpected
queries (or drop the queries themselves), and so OS scanning is unlikely
to ever be very accurate.  Scanning through a transparent proxy may cause
the same problem.

On another note, thanks to everyone who has been sending me fingerprints!
I have received a lot of them, but wasn't able to release a new version of
nmap-os-fingerprints before I left on vacation.  I'll release one when I
get back (around the 28th).  I'll try and get more caught up with my mail
then too.

Cheers,
Fyodor


--
Fyodor                            'finger pgp () www insecure org | pgp -fka'
Frustrated by firewalls?          Try nmap: http://www.insecure.org/nmap/
"this assumption has changed over the years as Windows NT gains popularity
largely because of its security features." -Micro$oft security white paper
HAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHA


