Re: nmap: OS hints from service versions

[Narendra Choyal Security <narendrachoyalsecurity () gmail com>]

These shows different results because of NAT, proxy, forwarding : firewall

better results like:

OS Detection will identify the for proxy,
   while
Version Scanning will generally detect the server running the proxied
application.



Regards,
Narendra Choyal

On Mon, May 9, 2011 at 12:38 AM, Vasiliy Kulikov <segooon () gmail com> wrote:
> Hi,
>
> Rather often I get interesting results:
>
>    PORT     STATE  SERVICE VERSION
>    ...
>    22/tcp   open   ssh     OpenSSH 5.1p1 Debian 5 (protocol 2.0)
>    ...
>    Device type: general purpose|firewall
>    Running (JUST GUESSING): Linux 2.6.X (93%), ISS Linux 2.4.X (87%)
>    Aggressive OS guesses: Linux 2.6.18 (93%), ISS Proventia GX3002 firewall
>    (Linux 2.4.18) (87%), Linux 2.6.22 (85%), Linux 2.6.9 - 2.6.27 (85%),
>    Linux 2.6.30 (85%)
>
> Or even (still with scanned tcp 22 port):
>
>    Running (JUST GUESSING): OpenBSD 4.X (91%)
>    Aggressive OS guesses: OpenBSD 4.0 (91%)
>    No exact OS matches for host (test conditions non-ideal).
>
> While ssh server version gives very presice information about what
> OS version the machine runs, I get very obscure OS results.  Here I'm
> almost sure the machine runs Debian 5 (Lenny) with kernel 2.6.26.
> I'm almost sure that some other services also disclosure Linux
> distibutive version.  Is there currently any way to pass these hints to
> OS version detection engine or at least show these hints in separated
> output block (e.g. via script)?
>
> Thanks,
>
> --
> Vasiliy
> _______________________________________________
> Sent through the nmap-dev mailing list
> http://cgi.insecure.org/mailman/listinfo/nmap-dev
> Archived at http://seclists.org/nmap-dev/
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/