Re: New OS Detection?

[Fyodor <fyodor () insecure org>]

On Mon, Aug 07, 2006 at 11:44:27PM -0500, Alan Jones wrote:
> I was just curious how the new OS detection code was coming along...
>
> Code? Improvements in detection? Speed? Database signatures, etc......

Great question.  As Zhao noted, we're still working on it, but are absolutely nearing the point where we can start 
collecting signatures.  I made some changes to the OS fingerprinting doc this morning, in fact.  We're not talking 
dramatic changes, but important little details.  Like the TCP sequence probe #6 no longer has the SACK TCP option 
because that may affect returned window size or other details against some platforms.

We want to get it just right before spending years collecting
thousands of fingerprints, so if you have ideas for improving the
system, now is definitely the time to speak up!  Our latest ideas are
documented here:

  http://insecure.org/nmap/osdetect/

> It is an area we are all interested in....

I'm glad of that!  A lot of exciting development is going on this
summer (NSE, UMIT, etc.) but OS detection is definitely one of the
most important for Nmap.  So please stay tuned for our call for OS
signature gathering assistance.

Cheers,
-F


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev