Nmap Development mailing list archives
OS/Service fingerprints
From: Martin Kluge <martin () elxsi de>
Date: Sun, 21 Sep 2003 12:21:07 +0200
Hi list,

today I submitted some service and OS fingerprints. I scanned some boxes in my local net, grepped for the submission URL, copied it, opened my web browser, pasted the URL and filled out some fields, went back to my nmap console, copied the service/OS fingerprint and pasted it in my browser. I think you know what I mean. This is really stressful if you want to submit a lot of fingerprints.

Why not set up a simple fingerprinting daemon on insecure.org and add a submit feature to nmap (this only works when your scan box is connected to the internet of course, but I think most of the boxes are connected)?

Example:

bash-2.05b# nmap -sV -sS -O elxsi.de

Starting nmap 3.46 ( http://www.insecure.org/nmap/ ) at 2003-09-21 12:06 CEST
Insufficient responses for TCP sequencing (3), OS detection may be less accurate
Interesting ports on elxsi.de (62.208.141.119):
(The 1651 ports scanned but not shown below are in state: closed)
PORT     STATE SERVICE VERSION
22/tcp   open  ssh     OpenSSH 3.6 (protocol 1.99)
25/tcp   open  smtp    Qmail smtpd
53/tcp   open  domain  ISC Bind 9.2.2
80/tcp   open  http    Apache httpd 1.3.27 ((Unix) PHP/4.3.2)
110/tcp  open  pop3
3306/tcp open  mysql   MySQL 4.0.14
1 service unrecognized despite returning data:
SF-Port110-TCP:V=3.46%D=9/21%Time=3F6D7863%r(NULL,D,"\+OK\x20ready\x20\x20
SF:\r\n")%r(GenericLines,D,"\+OK\x20ready\x20\x20\r\n");
Device type: general purpose
Running: OpenBSD 3.X
OS details: OpenBSD 3.1 (X86)

Would you like to submit this service fingerprint to insecure.org [yes/no]? yes
Please enter some missing information:
Service name: pop-3
Platform/OS: OpenBSD 3.1 (this could be taken from the above OS scan)
Service Description: qmail 1.03 pop3 daemon
Email: foo () bar com

Submitting...done.

Nmap run completed -- 1 IP address (1 host up) scanned in 63.361 seconds

The submit feature should be disabled by default I think, so the user won't be stressed with entering information every time he simply wants to scan a box.

I also found another "problem". I OS-scanned an embedded device and got some OS fingerprints and nmap, as usual, suggested some possible devices:

Device type: terminal server|WAP|telecom-misc|specialized
Running: Copper Mountain embedded, 3Com embedded, TrueTime embedded, Compaq embedded
OS details: Embedded device: HP Switch, Copper Mountain DSL Concentrator, Compaq Remote Insight Lights-Out remote console card, 3Com NBX 25 phone system or Home Wireless Gateway, or TrueTime NTP clock

The device wasn't listed above and so I decided to submit a new OS fingerprint, but couldn't find the URL for the OS fingerprint submissions easily (no link on the homepage, at least I didn't find one, no URL in the nmap manpage, ...). I think nmap should also print the submission URL if it already has some possible operating systems for the specific fingerprint.

Only some thoughts of mine (and sorry for my bad English) :)

Cheers,
Martin

--
Name     : Martin Kluge
email    : martin () elxsi info
Phone    : +49 160 1515182
Projects : http://www.aa-security.de
GPG Key  : http://www.elxsi.de/key.pub
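An added example, not part of the message above and not Nmap's own code: a small Python parser for the service fingerprint in the sample output, showing what the copied text contains before it is pasted into a submission form. The function names, the escape rules and the reading of Time as a hexadecimal Unix timestamp are assumptions inferred from the sample on this page.

```python
import re
from datetime import datetime, timezone

# Fingerprint lines copied from the message above, including the "SF:" wrap.
SAMPLE = r'''SF-Port110-TCP:V=3.46%D=9/21%Time=3F6D7863%r(NULL,D,"\+OK\x20ready\x20\x20
SF:\r\n")%r(GenericLines,D,"\+OK\x20ready\x20\x20\r\n");'''

_NAMED = {"r": b"\r", "n": b"\n", "t": b"\t", "0": b"\0"}
_ESC = re.compile(r"\\(?:x([0-9A-Fa-f]{2})|(.))", re.S)
_PROBE = re.compile(r'%r\(([^,]+),([0-9A-Fa-f]+),"((?:[^"\\]|\\.)*)"\)', re.S)

def unescape(text):
    # Assumed escaping: \xNN hex bytes, \r \n \t \0, and a backslash in
    # front of any other character (such as \+) meaning that character.
    out, pos = bytearray(), 0
    for m in _ESC.finditer(text):
        out += text[pos:m.start()].encode("latin-1")
        if m.group(1):
            out.append(int(m.group(1), 16))
        else:
            out += _NAMED.get(m.group(2), m.group(2).encode("latin-1"))
        pos = m.end()
    return bytes(out + text[pos:].encode("latin-1"))

def parse_fingerprint(block):
    lines = [ln.strip() for ln in block.strip().splitlines()]
    # Continuation lines start with "SF:"; drop it and join with no separator.
    joined = lines[0] + "".join(ln[3:] for ln in lines[1:] if ln.startswith("SF:"))
    head = re.match(r"SF-Port(\d+)-(TCP|UDP):", joined)
    if not head:
        raise ValueError("not a service fingerprint")
    fields = joined[head.end():].split("%r(", 1)[0].split("%")
    meta = dict(f.split("=", 1) for f in fields if "=" in f)
    probes = []
    for name, hexlen, raw in _PROBE.findall(joined):
        data = unescape(raw)
        probes.append({"probe": name, "data": data,
                       # A mismatch points to a truncated or mangled copy.
                       "length_ok": len(data) == int(hexlen, 16)})
    # Assumption: Time is the scan time as a hexadecimal Unix timestamp.
    when = datetime.fromtimestamp(int(meta["Time"], 16), tz=timezone.utc)
    return {"port": int(head.group(1)), "proto": head.group(2),
            "version": meta.get("V"), "scan_time": when, "probes": probes}

if __name__ == "__main__":
    fp = parse_fingerprint(SAMPLE)
    print(fp["port"], fp["proto"], fp["version"], fp["scan_time"].isoformat())
    for p in fp["probes"]:
        print(p["probe"], p["length_ok"], p["data"])
```

The length check catches the copy-and-paste damage the manual workflow invites: a wrapped line that is joined with a stray space or loses bytes no longer matches the length recorded in the fingerprint.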