Re: nmap: OS hints from service versions

[Fyodor <fyodor () insecure org>]

On Sun, May 08, 2011 at 11:08:23PM +0400, Vasiliy Kulikov wrote:
> Or even (still with scanned tcp 22 port):
>
>     Running (JUST GUESSING): OpenBSD 4.X (91%)
>     Aggressive OS guesses: OpenBSD 4.0 (91%)
>     No exact OS matches for host (test conditions non-ideal).
>
> While ssh server version gives very presice information about what
> OS version the machine runs, I get very obscure OS results.  Here I'm
> almost sure the machine runs Debian 5 (Lenny) with kernel 2.6.26.
> I'm almost sure that some other services also disclosure Linux
> distibutive version.  

> Is there currently any way to pass these hints to OS version
> detection engine or at least show these hints in separated output
> block (e.g. via script)?

Rather than pass the tips to Nmap's OS detection system, version
detection itself has a system for printing the likely OS.  Keeping the
systems separate helps in cases where you have a target host running
one OS while forwarding requests to certain ports to other machines.
See the book section that Luis posted.  In the your Debian OpenSSH
example, you should have gotten a line like:

Service Info: OS: Linux

Are you sure you didn't get that?  The Debian SSH match line seems to
set the "Linux" OS characteristic:

match ssh m|^SSH-([\d.]+)-OpenSSH_([\w._-]+)[ -]{1,2}Debian[ -_]([^\r\n]+)\r?\n| p/OpenSSH/ v/$2 Debian $3/ i/protocol 
$1/ o/Linux/

Cheers,
Fyodor
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/