Re: New Nmap vs SinFP benchmark

[Arturo 'Buanzo' Busleiman <buanzo () buanzo com ar>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

GomoR wrote:
> I told the author to re-test using latest Nmap, and here
> are the results:

Well, I tried with 3 different browsers to drop a comment there, but it proved impossible :P
Do you have the author's email address?

Anyway, here is what I was about to post:

====

Well, when using Nmap against an IP address that proves difficult to OS-detect (like in your NAT box
example), you should, instead of submitting the fingerprint or whatever, do an nmap Qscan: It's a
new nmap scan that you can use with -sQ. It will let you discover how many boxes are behind the NAT
box, and group them. Then, you can use nmap again to only scan the ports that belong to a certain
group only, and discover each OS separately.

And, you should check out the Nmap Scripting Engine ;)

====

- --
Arturo "Buanzo" Busleiman - Consultor Independiente en Seguridad Informatica
¿No sabés a dónde ir a comer o tomar algo? Visitá www.vivamoslavida.com.ar
LISTA DE CASAMIENTO: Cualquier Fravega a nombre de Busleiman (37520).
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFkzfBAlpOsGhXcE0RAvEVAJ9rT7sbWfQ1DhoHU33EuKFZptYXwQCfYNl8
sOhaq0Gfzsxtp4c3eXOzWXc=
=tHdR
-----END PGP SIGNATURE-----

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org