Nmap Development mailing list archives
nmap OS detection over OpenVPN v. 2.2.1
From: Антон Конвалюк <w.o.l.f.paradox () mail ru>
Date: Thu, 24 Jan 2013 18:07:28 +0400
Hello!

I have got a virtual pentest lab (ProxMox VE). And for outside connection I use OpenVPN (bridged). It works fine, but there is a problem. I'm trying to nmap an MS Windows 2000 machine in VE. To do it I use Backtrack 5 R3 connected to the virtual network over VPN. But nmap cannot recognize the remote OS. But if I close my VPN connection, add a network interface (with an IP from the same subnet as Backtrack 5) to the MS Windows 2000 machine and nmap it, everything is OK.

The VPN server and client config files are shown below:

==== Server ====
#user nobody
#group nogroup
script-security 2
comp-lzo
push comp-lzo
max-clients 100
status-version 1
status /var/log/ovpn-status.log 30
log /var/log/ovpn.log 30
verb 3
server-bridge 192.168.150.1 255.255.255.0 192.168.150.130 192.168.150.254
dev tap0
proto udp
port 1194
keepalive 10 120
persist-local-ip
tls-server
ca /etc/ssl/certs/ca.crt
cert /etc/ssl/certs/server.crt
key /etc/ssl/keys/server.key
dh /etc/ssl/keys/dh1024.pem
tls-auth /etc/ssl/keys/ta.key 0
auth-nocache yes
cipher AES-256-CBC
tls-cipher DHE-RSA-AES256-SHA
persist-key
remote-cert-tls client
#client-to-client
client-config-dir /etc/openvpn/ccd
ccd-exclusive
==== ====== ====

==== Client ====
#user nobody
#group nogroup
proto udp
port 1194
dev tap0
comp-lzo
ca ca.crt
cert client.crt
key client.key
client
ns-cert-type server
remote-cert-tls server
tls-auth ta.key 1
remote 192.168.0.213
nobind
persist-key
status-version 1
status /var/log/vpn-status.log
log /var/log/vpn.log
verb 3
script-security 2
cipher AES-256-CBC
tls-cipher DHE-RSA-AES256-SHA
==== ====== ====

And part of the nmap output (with unsuccessful detection):

==== ====== ====
3 services unrecognized despite returning data.
If you know the service/version, please submit the following fingerprints at http://www.insecure.org/cgi-bin/servicefp-submit.cgi :
==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
SF-Port88-TCP:V=6.25%I=7%D=1/24%Time=510134E8%P=i686-pc-linux-gnu%r(Kerber
SF:os,60,"\0\0\0\\~Z0X\xa0\x03\x02\x01\x05\xa1\x03\x02\x01\x1e\xa4\x11\x18
SF:\x0f20130124142031Z\xa5\x05\x02\x03\n\xc70\xa6\x03\x02\x01D\xa9\x0c\x1b
SF:\nPENTEST\.UC\xaa\x1f0\x1d\xa0\x03\x02\x01\x02\xa1\x160\x14\x1b\x06krbt
SF:gt\x1b\nPENTEST\.UC")%r(SMBProgNeg,4,"\0\0\0\0");
==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
SF-Port464-TCP:V=6.25%I=7%D=1/24%Time=51013513%P=i686-pc-linux-gnu%r(Kerbe
SF:ros,64,"\0\0\0`~\^0\\\xa0\x03\x02\x01\x05\xa1\x03\x02\x01\x1e\xa4\x11\x
SF:18\x0f20130124142113Z\xa5\x05\x02\x03\r\xedl\xa6\x03\x02\x01'\xa9\x0c\x
SF:1b\nPENTEST\.UC\xaa\x1d0\x1b\xa0\x03\x02\x01\x02\xa1\x140\x12\x1b\x06ka
SF:dmin\x1b\x08changepw\xac\x04\x04\x02\0\x03")%r(SMBProgNeg,64,"\0\0\0`~\
SF:^0\\\xa0\x03\x02\x01\x05\xa1\x03\x02\x01\x1e\xa4\x11\x18\x0f20130124142
SF:118Z\xa5\x05\x02\x03\x0eg~\xa6\x03\x02\x01'\xa9\x0c\x1b\nPENTEST\.UC\xa
SF:a\x1d0\x1b\xa0\x03\x02\x01\x02\xa1\x140\x12\x1b\x06kadmin\x1b\x08change
SF:pw\xac\x04\x04\x02\0\x03");
==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
SF-Port3372-TCP:V=6.25%I=7%D=1/24%Time=510134E4%P=i686-pc-linux-gnu%r(GetR
SF:equest,6,"HV\x0b\0x\x01")%r(RTSPRequest,6,"HV\x0b\0x\x01")%r(HTTPOption
SF:s,6,"HV\x0b\0x\x01")%r(Help,6,"HV\x0b\0x\x01")%r(SSLSessionReq,6,"HV\x0
SF:b\0x\x01")%r(FourOhFourRequest,6,"HV\x0b\0x\x01")%r(LPDString,6,"HV\x0b
SF:\0x\x01")%r(SIPOptions,6,"HV\x0b\0x\x01");
MAC Address: 7E:20:F8:FE:72:59 (Unknown)
No exact OS matches for host (If you know what OS is running on it, see http://nmap.org/submit/ ).
TCP/IP fingerprint:
OS:SCAN(V=6.25%E=4%D=1/24%OT=7%CT=1%CU=37437%PV=Y%DS=1%DC=D%G=Y%M=7E20F8%TM
OS:=51013587%P=i686-pc-linux-gnu)SEQ(SP=85%GCD=1%ISR=99%TI=I%CI=I%II=I%SS=S
OS:%TS=0)OPS(O1=M528NW0NNT00NNS%O2=M528NW0NNT00NNS%O3=M528NW0NNT00%O4=M528N
OS:W0NNT00NNS%O5=M528NW0NNT00NNS%O6=M528NNT00NNS)WIN(W1=4308%W2=4308%W3=410
OS:0%W4=40E8%W5=40E8%W6=402E)ECN(R=Y%DF=Y%T=80%W=4308%O=M528NW0NNS%CC=N%Q=)
OS:T1(R=Y%DF=Y%T=80%S=O%A=S+%F=AS%RD=0%Q=)T2(R=Y%DF=N%T=80%W=0%S=Z%A=S%F=AR
OS:%O=%RD=0%Q=)T3(R=Y%DF=Y%T=80%W=402E%S=O%A=S+%F=AS%O=M528NW0NNT00NNS%RD=0
OS:%Q=)T4(R=Y%DF=N%T=80%W=0%S=A%A=O%F=R%O=%RD=0%Q=)T5(R=Y%DF=N%T=80%W=0%S=Z
OS:%A=S+%F=AR%O=%RD=0%Q=)T6(R=Y%DF=N%T=80%W=0%S=A%A=O%F=R%O=%RD=0%Q=)T7(R=Y
OS:%DF=N%T=80%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)U1(R=Y%DF=N%T=80%IPL=38%UN=0%RIP
OS:L=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=S%T=80%CD=Z)

Network Distance: 1 hop
==== ====== ====

Hope somebody knows what the problem is.
Thanks!
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
Current thread:
- nmap OS detection over OpenVPN v. 2.2.1 Антон Конвалюк (Jan 24)
- Re: nmap OS detection over OpenVPN v. 2.2.1 David Fifield (Jan 24)
- Re[2]: nmap OS detection over OpenVPN v. 2.2.1 Anton Konvalyuk (Jan 25)
- Re: nmap OS detection over OpenVPN v. 2.2.1 David Fifield (Jan 24)