Nmap Development mailing list archives

Re: Identifying BeOS DR9?


From: Bo Cato <jcato73 () comcast net>
Date: Thu, 11 Sep 2003 07:56:04 -0400

You want to add -vv and change -sW to -sS or -sT, then submit the
fingerprint to http://www.insecure.org/cgi-bin/nmap-submit.cgi

I'm not sure a windowing scan is 'ideal' for fingerprinting, while I've
had good results with half opens and connects.

--
-b

Hello Edhel,

Wednesday, September 10, 2003, 9:03:58 PM, you wrote:

E> I noticed that BeOS DR9, AKA "Preview Release" isn't listed in
E> nmap-os-fingerprints, so I installed this OS on my Mac and
E> scanned it from my FreeBSD computer on the other end of my desk.
E> The results were disappointing. I have BeOS DR9's included
E> telnet, ftp, and web servers running, but nmap always claims
E> that the test conditions are "non-ideal". Is there anything I
E> can do to achieve an "ideal" scan for submission? Below is the
E> output of a few scans:


E> [spatchtower:root] /tmp/nmap-3.30 > ./nmap -O -v -p 20-24,80 10.0.2.2
E> No tcp, udp, or ICMP scantype specified, assuming SYN Stealth scan. Use -sP if you really 
E> don't want to portscan (and just want to see what hosts are up).

E> Starting nmap 3.30 ( http://www.insecure.org/nmap/ ) at 2003-09-10 20:37 EDT
E> Host powermacintosh8500 (10.0.2.2) appears to be up ... good.
E> Initiating SYN Stealth Scan against powermacintosh8500 (10.0.2.2) at 20:37
E> Adding open port 80/tcp
E> The SYN Stealth Scan took 2 seconds to scan 6 ports.
E> For OSScan assuming that port 80 is open and port 20 is closed and neither are firewalled
E> For OSScan assuming that port 80 is open and port 20 is closed and neither are firewalled
E> Insufficient responses for TCP sequencing (0), OS detection may be less accurate
E> For OSScan assuming that port 80 is open and port 20 is closed and neither are firewalled
E> Insufficient responses for TCP sequencing (0), OS detection may be less accurate
E> Interesting ports on powermacintosh8500 (10.0.2.2):
E> (The 3 ports scanned but not shown below are in state: closed)
E> Port       State       Service
E> 21/tcp     filtered    ftp
E> 23/tcp     filtered    telnet
E> 80/tcp     open        http
E> Device type: general purpose
E> Running (JUST GUESSING) : Be BeOS 4.X (88%)
E> Aggressive OS guesses: BeOS 4 - 4.5 (88%)
E> No exact OS matches for host (test conditions non-ideal).

E> Nmap run completed -- 1 IP address (1 host up) scanned in 28.133 seconds

E> ----------------------------------------------------------------------

E> [spatchtower:root] /tmp/nmap-3.30 > ./nmap -O -v -p 20-24,80 -sW 10.0.2.2

E> Starting nmap 3.30 ( http://www.insecure.org/nmap/ ) at 2003-09-10 20:44 EDT
E> Host powermacintosh8500 (10.0.2.2) appears to be up ... good.
E> Initiating Window Scan against powermacintosh8500 (10.0.2.2) at 20:44
E> Adding open port 21/tcp
E> Adding open port 80/tcp
E> Adding open port 24/tcp
E> Adding open port 22/tcp
E> Adding open port 20/tcp
E> Adding open port 23/tcp
E> The Window Scan took 0 seconds to scan 6 ports.
E> Warning:  OS detection will be MUCH less reliable because we did not find at least 1 open 
E> and 1 closed TCP port
E> For OSScan assuming that port 20 is open and port 37098 is closed and neither are firewalled
E> WARNING:  RST from port 20 -- is this port really open?
E> WARNING:  RST from port 20 -- is this port really open?
E> WARNING:  RST from port 20 -- is this port really open?
E> Insufficient responses for TCP sequencing (0), OS detection may be less accurate
E> For OSScan assuming that port 20 is open and port 44672 is closed and neither are firewalled
E> WARNING:  RST from port 20 -- is this port really open?
E> WARNING:  RST from port 20 -- is this port really open?
E> WARNING:  RST from port 20 -- is this port really open?
E> Insufficient responses for TCP sequencing (0), OS detection may be less accurate
E> For OSScan assuming that port 20 is open and port 37075 is closed and neither are firewalled
E> WARNING:  RST from port 20 -- is this port really open?
E> WARNING:  RST from port 20 -- is this port really open?
E> WARNING:  RST from port 20 -- is this port really open?
E> Insufficient responses for TCP sequencing (0), OS detection may be less accurate
E> Interesting ports on powermacintosh8500 (10.0.2.2):
E> Port       State       Service
E> 20/tcp     open        ftp-data
E> 21/tcp     open        ftp
E> 22/tcp     open        ssh
E> 23/tcp     open        telnet
E> 24/tcp     open        priv-mail
E> 80/tcp     open        http
E> Device type: print server
E> Running (JUST GUESSING) : Intel embedded (90%)
E> Aggressive OS guesses: Intel Netport Express PRO print server V04.33a (90%)
E> No exact OS matches for host (test conditions non-ideal).

E> Nmap run completed -- 1 IP address (1 host up) scanned in 22.981 seconds

E> ----------------------------------------------------------------------

E> [spatchtower:root] /tmp/nmap-3.30 > ./nmap -O -v -p 20-24,80 -sU 10.0.2.2

E> Starting nmap 3.30 ( http://www.insecure.org/nmap/ ) at 2003-09-10 20:47 EDT
E> Host powermacintosh8500 (10.0.2.2) appears to be up ... good.
E> Initiating UDP Scan against powermacintosh8500 (10.0.2.2) at 20:47
E> The UDP Scan took 0 seconds to scan 6 ports.
E> Adding open port 23/udp
E> Adding open port 80/udp
E> Adding open port 22/udp
E> Adding open port 24/udp
E> Adding open port 20/udp
E> Adding open port 21/udp
E> Warning:  OS detection will be MUCH less reliable because we did not find at least 1 open 
E> and 1 closed TCP port
E> Interesting ports on powermacintosh8500 (10.0.2.2):
E> Port       State       Service
E> 20/udp     open        ftp-data
E> 21/udp     open        ftp
E> 22/udp     open        ssh
E> 23/udp     open        telnet
E> 24/udp     open        priv-mail
E> 80/udp     open        http
E> Device type: print server|general purpose
E> Running (JUST GUESSING) : Intel embedded (89%), Apple Mac OS 7.X (86%), Convex SPP-UX (86%)
E> Aggressive OS guesses: Intel Netport Express PRO print server V04.33a (89%), Apple Mac OS 
E> 7.0-7.1 With MacTCP 1.1.1 - 2.0.6 (86%), Convex SPP-UX 5.2.1 (86%), SPP-UX 5.x on a Convex 
E> SPP-1600 (86%)
E> No exact OS matches for host (test conditions non-ideal).

E> Nmap run completed -- 1 IP address (1 host up) scanned in 16.932 seconds


E> ---------------------------------------------------------------------
E> For help using this (nmap-dev) mailing list, send a blank email to 
E> nmap-dev-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).




-- 
Best regards,
 Bo                            mailto:jcato73 () comcast net
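
Added example, not part of either message in this thread: a small Python check that reads nmap 3.x verbose -O output (mail quote markers allowed) and lists the reasons a run is a weak basis for a fingerprint submission, using the warning strings visible in the quoted scans. The function name, the abridged sample text and the assumption that SYN and connect() runs announce themselves as "SYN ..." and "Connect ..." are assumptions of this example.

```python
import re

# Constructed input: lines abridged from the -sW run quoted above, "E> " prefix kept.
SAMPLE_WINDOW_SCAN = """\
E> Initiating Window Scan against powermacintosh8500 (10.0.2.2) at 20:44
E> Warning:  OS detection will be MUCH less reliable because we did not find at least 1 open
E> and 1 closed TCP port
E> For OSScan assuming that port 20 is open and port 37098 is closed and neither are firewalled
E> WARNING:  RST from port 20 -- is this port really open?
E> Insufficient responses for TCP sequencing (0), OS detection may be less accurate
E> 20/tcp     open        ftp-data
E> No exact OS matches for host (test conditions non-ideal).
"""

QUOTE = re.compile(r"^(?:[A-Za-z]*>\s?)+")  # mail quote markers such as "E> "
SCAN = re.compile(r"^Initiating (.+?) Scan against")
RST = re.compile(r"RST from port (\d+) -- is this port really open\?")
SEQ = re.compile(r"Insufficient responses for TCP sequencing \((\d+)\)")
# Assumption: SYN and connect() runs announce themselves with these prefixes.
GOOD_SCANS = ("SYN", "Connect")


def fingerprint_problems(output):
    """Return the reasons this nmap -O -v output is a poor basis for a submission."""
    problems, rst_ports = [], set()
    for raw in output.splitlines():
        line = QUOTE.sub("", raw.strip())
        m = SCAN.match(line)
        if m and not m.group(1).startswith(GOOD_SCANS):
            problems.append(f"scan type is {m.group(1)}; rerun with -sS or -sT")
        if "did not find at least 1 open" in line:
            problems.append("no open/closed TCP port pair found")
        m = RST.search(line)
        if m:
            rst_ports.add(int(m.group(1)))
        m = SEQ.search(line)
        if m and int(m.group(1)) == 0:
            problems.append("no responses to the TCP sequencing probes")
    for port in sorted(rst_ports):
        problems.append(f"port {port} was assumed open but answered with RST")
    return list(dict.fromkeys(problems))  # drop repeats, keep first-seen order


if __name__ == "__main__":
    for reason in fingerprint_problems(SAMPLE_WINDOW_SCAN):
        print("-", reason)
```

An empty list means none of these warnings appeared; it does not by itself guarantee that nmap will report an exact match.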


