Nmap Development mailing list archives
Re: NMAP OS Guessing Tweak
From: Brandon Enright <bmenrigh () ucsd edu>
Date: Wed, 14 Jan 2009 21:01:39 +0000
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wed, 14 Jan 2009 10:39:45 -0500 "Juengling, Kurt W" <juengling () att com> wrote:
Running NMAP 4.62. Intense scan against a remote Windows 2000 web host. NMAP correctly reports Microsoft IIS webserver 5.0 as running on TCP 80, then guesses that the OS is XP SP2 (88% confidence). May consider tweaking the heuristics to equate IIS 5.0 with Windows 2000 Server, and XP with IIS 5.1. Outstanding tool - really enjoy it! Kurt
Actually the service version scan has no effect on the OS scan. This is by design and is covered in the "Nmap Network Scanning" book in section 8.4 (Fingerprinting Methods Avoided by Nmap, page 189). Luckily though, service detection does have a way to set the service-discovered OS via o/.../ on the match line. This shows up in the output like so: "Service Info: OS: Unix" For the most part, services that indicate Windows are just specified as "Windows". There are a few services that specify a specific version of Windows like "Windows 2000". It would not be hard to change the IIS 5, 5.1, and 6 match lines to provide a little more detail. We shouldn't change 5.0 to be "Windows 2000 Server" because "Server" isn't always accurate. Also, if I recall correctly, IIS 5.1 could appear on more than just Windows XP (server 2003?). If you cook up a patch to nmap-service-probes that prints more detailed (and accurate) information I'm sure we'll accept it. Brandon -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (GNU/Linux) iEYEARECAAYFAkluUrkACgkQqaGPzAsl94I5lwCgnv78W61S4cGeIMUz2jAsWDV6 rjoAn0cPiYVzWzo00TIO2eHBDnC06X3P =G5Vr -----END PGP SIGNATURE----- _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- NMAP OS Guessing Tweak Juengling, Kurt W (Jan 14)
- Re: NMAP OS Guessing Tweak Brandon Enright (Jan 14)
- RE: NMAP OS Guessing Tweak Juengling, Kurt W (Jan 14)
- Re: NMAP OS Guessing Tweak Brandon Enright (Jan 14)
- RE: NMAP OS Guessing Tweak Juengling, Kurt W (Jan 14)
- Re: NMAP OS Guessing Tweak Brandon Enright (Jan 14)