Nmap Development mailing list archives
Re: Comments on OS detection 2nd generation
From: "Joshua D. Abraham" <jabra () ccs neu edu>
Date: Fri, 26 May 2006 13:26:43 -0400
I have been doing testing and I have found that my machine isn't being identified because it is returning 2.4|2.5|2.6. One idea I had is that for ubuntu machines there is no way to turn off the banner for ssh. Therefore, the response is SSH-2.0-OpenSSH_4.2p1 Debian-7ubuntu3 which clearly identifies the machine as 2.6 since ubuntu doesn't have a version for 2.4. Just another method which might be interesting to consider. Regards, Josh On 26.May.2006 02:16PM -0300, Arturo 'Buanzo' Busleiman wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 GomoR wrote:4. ICMP/UDP probes I do not like these probes just because when a target has an open TCP port, we are not totally assured that a firewall in-between is not crafting responses for these tests. So, you may end up with a fingerprint generated in part from the true target, and in part from a false target, leading to a bad detection.I agree. This has been discussed several times under the "nmap doesn't correctly detect BLAH" subject. Lots of people miss the fact tht there are LOTS of devices between you and your target, like in packet-forwarding/NAT/DMZ configurations. - -- Arturo "Buanzo" Busleiman - VPN Mail Project - http://vpnmail.buanzo.com.ar Consultor en Seguridad Informatica - http://www.buanzo.com.ar for f in www blog linux-consulting vpnmail; do firefox http://$f.buanzo.com.ar ; done -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFEdzf7AlpOsGhXcE0RAmudAJwLl7yrXFqIf6ucCVTeWriGW7MHjACfYKQ+ hzhEDh0ii9qdqXb5mLBRNB4= =0yrz -----END PGP SIGNATURE----- _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev
-- Joshua D. Abraham Northeastern University College of Computer and Information Science www.ccs.neu.edu/home/jabra _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev
Current thread:
- Comments on OS detection 2nd generation GomoR (May 26)
- Re: Comments on OS detection 2nd generation Arturo 'Buanzo' Busleiman (May 26)
- Re: Comments on OS detection 2nd generation Joshua D. Abraham (May 26)
- Re: Comments on OS detection 2nd generation Arturo 'Buanzo' Busleiman (May 26)
- Re: Comments on OS detection 2nd generation Joshua D. Abraham (May 26)
- Re: Comments on OS detection 2nd generation (soft fingerprinting) Brandon Enright (May 26)
- Re: Comments on OS detection 2nd generation (soft fingerprinting) Joshua D. Abraham (May 26)
- Re: Comments on OS detection 2nd generation (soft fingerprinting) Fyodor (May 26)
- Re: Comments on OS detection 2nd generation (soft fingerprinting) Joshua D. Abraham (May 26)
- Re: Comments on OS detection 2nd generation Joshua D. Abraham (May 26)
- Re: Comments on OS detection 2nd generation (soft fingerprinting) Fyodor (May 26)
- Re: Comments on OS detection 2nd generation (soft fingerprinting) Joshua D. Abraham (May 26)
- Re: Comments on OS detection 2nd generation (soft fingerprinting) Fyodor (May 26)
- Re: Comments on OS detection 2nd generation (soft fingerprinting) Joshua D. Abraham (May 26)
- Re: Comments on OS detection 2nd generation Arturo 'Buanzo' Busleiman (May 26)