Re: nmap and a new idea

[Fyodor <fyodor () insecure org>]

On Mon, Mar 08, 2004 at 12:36:44AM -0700, Dual Mobius wrote:
> Xprobe2 uses a simple "fuzzy logic" system where the scores for tests are 
> summed and then the results are sorted in descending order.

Nmap has actually had this feature for much longer than Xprobe2 has
existed.  I added the option in August of 2000 (version 2.53BETA3),
but I haven't gotten around to documenting it yet :).  So I don't
blame you for missing it.  Next time Nmap tells you "no matches
found", try again with the --fuzzy (or, equivalently, --osscan_guess)
option and Nmap will give you a reverse-sorted list of the closest
matches.

I will soon update Nmap to guess in more situations, even if you don't
specify --fuzzy .  That will reduce the need for --fuzzy to the extent
that I may never even need to document it.

The reason I kept this option secret was that I considered a wrong
guess to be worse than no guesses at all.  So Nmap only printed
results when every single test matched a signature.  After all,
Xprobe2 is guessing in your example and look how wrong it is.  But I
now consider guessing OK as long as Nmap is very explicit that this is
less certain than its normal OS guess.

Cheers,
-F


---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to 
nmap-dev-help () insecure org . List archive: http://seclists.org