Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Nmap 4.20ALPHA7: Thrice the OS detection signatures!

From: Fyodor <fyodor () insecure org>
Date: Tue, 12 Sep 2006 17:55:46 -0700
Hi Everyone.  Thanks for heeding my call for more OS detection
submissions.  We received about a hundred, which allowed me to more
than triple the number of signatures from 12 to 42.  In DB size, this
puts us between the latest version of Synscan (0.1) with 25 signatures
and the latest Xprobe2 (0.3) with 224.  And we're not even close to
the Nmap gen1 OS DB size of 1,684 signatures.

So if you have time, please help out, scan a few machines under your
control, and submit the fingerprints if Nmap gives you any.  While
I'll take any submissions I can get, most important right now are
mainstream OS's like Linux, Windows, OpenBSD, Cisco routers, OS X,
common Linksys/Netgear devices, etc.  Once we get to maybe one or two
hundred signatures, I'll probably post an alpha release to
nmap-hackers, which ought to get us a ton of submissions.  But its too
embarrassing to do that until we are at least competitive with
Xprobe2.  As soon as I get enough new signatures, I'll make another
release.

You can also help by correcting inaccuracies.  If you do an -O2 scan
(this is important so you don't get gen1 results) and Nmap tells you
the machine is (say) Linux 2.6.17 when you know it is 2.6.16, please
let us know by following the instructions at
http://insecure.org/nmap/submit/ (I hope to replace that with an
automated form soon, but for now it tells you what info to email me).
It may sound like a small detail, but a bunch of little corrections
make a huge difference in accuracy overall.  It's the Open Source way
:).

Anyway, here are the changes in 4.20ALPHA7:

o Did a bunch of Nmap 2nd generation fingerprint integration work.
  Thanks to everyone who sent some in, though we still need a lot more.
  Also thanks to Zhao for a bunch of help with the integration tools.
  4.20ALPHA6 had 12 fingerprints, this new version has 42.  The old DB
  (still included) has 1,684.

o Updated nmap-mac-prefixes to reflect the latest OUI DB from the IEEE
  (http://standards.ieee.org/regauth/oui/oui.txt) as of September 6, 2006.
  Also added the unregistered PearPC virtual NIC prefix, as suggested
  by Robert Millan (rmh(a)aybabtu.com).

o Applied some small internal cleanup patches by Kris Katterjohn.

And here are the goods:

http://download.insecure.org/nmap/dist/nmap-4.20ALPHA7.tar.bz2
http://download.insecure.org/nmap/dist/nmap-4.20ALPHA7-setup.exe
http://download.insecure.org/nmap/dist/nmap-4.20ALPHA7-win32.zip
http://download.insecure.org/nmap/dist/nmap-4.20ALPHA7-1.src.rpm
http://download.insecure.org/nmap/dist/nmap-4.20ALPHA7-1.i386.rpm
http://download.insecure.org/nmap/dist/nmap-frontend-4.20ALPHA7-1.i386.rpm
http://download.insecure.org/nmap/dist/nmap-4.20ALPHA7-1.x86_64.rpm
http://download.insecure.org/nmap/dist/nmap-frontend-4.20ALPHA7-1.x86_64.rpm
http://download.insecure.org/nmap/dist/nmap-4.20ALPHA7.tgz

Please let nmap-dev know if you encounter any problems!

Cheers,
Fyodor


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
Previous By Date Next
Previous By Thread Next

Current thread: