Nmap Development mailing list archives
Re: OS fingerprints and virtualization
From: Fyodor <fyodor () insecure org>
Date: Thu, 15 Nov 2007 14:53:26 -0800
On Thu, Nov 15, 2007 at 09:30:40AM -0600, Thomas Buchanan wrote:
> I've been doing some testing with 4.23RC1, specifically against guest systems inside VMWare Workstation. I've been prompted a couple of times about submitting OS fingerprints, but I wondered if the virtualization could have an impact on the fingerprinting process. Could the VMWare network driver alter the network packets such that the OS fingerprint is changed? What about virtual system under qemu, connected via tun/tap drivers? Has anybody compared OS network signatures from virtualized systems to bare metal installations? Sorry about all the questions, but I'd rather not submit these fingerprints if they don't accurately reflect the true OS network stack.
Hi Thomas. Good question--it is important not to submit bogus fingerprints. But submitting targets running as a VMWare guest is generally OK. Qemu is probably OK too. In both cases, please note the situation in the comment box and be clear that the virtualized system is the target. If the source machine (the OS you are running Nmap on) is a VMware guest or similar, that is worth noting too.

Cheers,
-F

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org