Nmap Development mailing list archives
Nmap 4.20ALPHA7: Thrice the OS detection signatures!
From: Fyodor <fyodor () insecure org>
Date: Tue, 12 Sep 2006 17:55:46 -0700
Hi Everyone.

Thanks for heeding my call for more OS detection submissions. We received about a hundred, which allowed me to more than triple the number of signatures from 12 to 42. In DB size, this puts us between the latest version of Synscan (0.1) with 25 signatures and the latest Xprobe2 (0.3) with 224. And we're not even close to the Nmap gen1 OS DB size of 1,684 signatures. So if you have time, please help out, scan a few machines under your control, and submit the fingerprints if Nmap gives you any. While I'll take any submissions I can get, most important right now are mainstream OS's like Linux, Windows, OpenBSD, Cisco routers, OS X, common Linksys/Netgear devices, etc.

Once we get to maybe one or two hundred signatures, I'll probably post an alpha release to nmap-hackers, which ought to get us a ton of submissions. But it's too embarrassing to do that until we are at least competitive with Xprobe2. As soon as I get enough new signatures, I'll make another release.

You can also help by correcting inaccuracies. If you do an -O2 scan (this is important so you don't get gen1 results) and Nmap tells you the machine is (say) Linux 2.6.17 when you know it is 2.6.16, please let us know by following the instructions at http://insecure.org/nmap/submit/ (I hope to replace that with an automated form soon, but for now it tells you what info to email me). It may sound like a small detail, but a bunch of little corrections make a huge difference in accuracy overall. It's the Open Source way :).

Anyway, here are the changes in 4.20ALPHA7:

o Did a bunch of Nmap 2nd generation fingerprint integration work. Thanks to everyone who sent some in, though we still need a lot more. Also thanks to Zhao for a bunch of help with the integration tools. 4.20ALPHA6 had 12 fingerprints, this new version has 42. The old DB (still included) has 1,684.

o Updated nmap-mac-prefixes to reflect the latest OUI DB from the IEEE (http://standards.ieee.org/regauth/oui/oui.txt) as of September 6, 2006. Also added the unregistered PearPC virtual NIC prefix, as suggested by Robert Millan (rmh(a)aybabtu.com).

o Applied some small internal cleanup patches by Kris Katterjohn.

And here are the goods:

http://download.insecure.org/nmap/dist/nmap-4.20ALPHA7.tar.bz2
http://download.insecure.org/nmap/dist/nmap-4.20ALPHA7-setup.exe
http://download.insecure.org/nmap/dist/nmap-4.20ALPHA7-win32.zip
http://download.insecure.org/nmap/dist/nmap-4.20ALPHA7-1.src.rpm
http://download.insecure.org/nmap/dist/nmap-4.20ALPHA7-1.i386.rpm
http://download.insecure.org/nmap/dist/nmap-frontend-4.20ALPHA7-1.i386.rpm
http://download.insecure.org/nmap/dist/nmap-4.20ALPHA7-1.x86_64.rpm
http://download.insecure.org/nmap/dist/nmap-frontend-4.20ALPHA7-1.x86_64.rpm
http://download.insecure.org/nmap/dist/nmap-4.20ALPHA7.tgz

Please let nmap-dev know if you encounter any problems!

Cheers,
Fyodor

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org