Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Comments on OS detection 2nd generation

From: Arturo 'Buanzo' Busleiman <buanzo () buanzo com ar>
Date: Fri, 26 May 2006 14:16:43 -0300
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

GomoR wrote:

4. ICMP/UDP probes 

I do not like these probes just because when a target has an open TCP port,
we are not totally assured that a firewall in-between is not crafting
responses for these tests. So, you may end up with a fingerprint generated
in part from the true target, and in part from a false target, leading to
a bad detection. 


I agree. This has been discussed several times under the "nmap doesn't correctly detect BLAH"
subject. Lots of people miss the fact tht there are LOTS of devices between you and your target,
like in packet-forwarding/NAT/DMZ configurations.

- --
Arturo "Buanzo" Busleiman - VPN Mail Project - http://vpnmail.buanzo.com.ar
Consultor en Seguridad Informatica - http://www.buanzo.com.ar

for f in www blog linux-consulting vpnmail; do firefox http://$f.buanzo.com.ar ; done
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFEdzf7AlpOsGhXcE0RAmudAJwLl7yrXFqIf6ucCVTeWriGW7MHjACfYKQ+
hzhEDh0ii9qdqXb5mLBRNB4=
=0yrz
-----END PGP SIGNATURE-----


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Previous By Date Next
Previous By Thread Next

Current thread: