OS Fingerprint Integration Highlights

[Daniel Miller <bonsaiviking () gmail com>]

Hello, List!

In late July, I finished integrating 2777 OS fingerprints submitted between
June 2013 and May 2014. Here are some notable changes:

Apple Mac OS X 10.7.0 (Lion) - 10.9.2 (Mavericks) or iOS 4.1 - 7.1 (Darwin
10.0.0 - 14.0.0)
    We added detection for OS X 10.9 Mavericks and iOS 7, but sadly in most
    cases they cannot be distinguished from previous versions.

Android 4.2.2 (Linux 3.4)
Android 4.3
Linux 3.10
Linux 3.11 - 3.14
OpenBSD 5.4
OpenBSD 5.5
FreeBSD 9.2-RELEASE
FreeBSD 9.2-RELEASE-p3
    New fingerprints for various updated OSs.

Cisco EPC3925, DPC2320, Motorola SURFboard SB5101E, or Scientific Atlanta
EPC2203 cable modem (eCos 2.0)
HP ProCurve 1810G switch (eCos 3.0)
Netgear CG814WG v2, Thomson TWG870U, Ubee DVW3201B, or Cisco DPC3825
wireless cable modem (eCos 2.0)
Netgear CG814WG wireless cable modem (eCos 2.0)
    For several new submissions, I was able to find GPL disclosure
statements
    from the manufacturer that listed the specific OS used. These are some
    example systems that use the eCos embedded OS.

OUYA game console
Sony Playstation 4 (FreeBSD)
    A couple new game consoles. It came as a surprise to me to see that the
    Playstation 4 runs FreeBSD. The Ouya fingerprint appeared to be missing
    some info, so we'd appreciate additional submissions if anyone has them.

AzBox Bravissimo Twin satellite TV decoder
Dreambox DM7025+ satellite TV tuner
LaSAT satellite receiver
Head Digital Medialink Black Panther cable receiver
LG Bp430 Blu-ray Player
Infomir MAG-250 set-top box
Frontier Silicon Venice 6.2 Internet Radio
Grace Digital Internet radio
NOXON digital radio
Pinell Supersound II iRadio
    Home media equipment is increasingly Internet-connected.

Beat MIB MusicButler
Dolby Digital Cinema Sound Processor CP750
MusicianLink jamLink
    Professional media equipment also showed up.

Dell Integrated Remote Access Controller (iDRAC5)
Dell Integrated Remote Access Controller (iDRAC6)
Dell Integrated Remote Access Controller (iDRAC7)
Dell Remote Access Controller (DRAC) 4/I
Supermicro AOC-SIMSO+ daughter card
Supermicro IPMI BMC (Linux 2.6)
HP iLO 3 or iLO 4 remote management interface
HP iLO 4 remote management interface
    Dan Farmer's IPMI research (http://fish2.com/ipmi/) makes these new
    fingerprints particularly interesting.

Philips Hue Bridge (lwIP stack v1.4.0)
    This device acts as a controller to a ZigBee mesh network of
lightbulbs, so
    you can dim your house lights from anywhere. The lwIP stack also got its
    own fingerprint for this updated version.

Some more strange or interesting devices:
JTEKT Toyopuc PC10 programmable logic controller
Kaba-Benzing time and attendance terminal
Neopost IS-330 or IS-350 post franking machine
Opto 22 SNAP-PAC-EB2 I/O controller - This one is marketed as an "Ethernet
Brain"!
Reliable Controls MAC ProWebCom building control server
IBM 4960 OS point-of-sale system
IBM System Storage TS3500 tape library
Liebert IntelliSlot Web Card - "SNMP, Telnet, and web" control of UPS and
server-room cooling systems.

Additionally, we got an enormous number of submissions for the Raspberry Pi,
running various Linux distros. A majority of them match line 52204,
"Fingerprint
Linux 3.2 - 3.10", which pretty much only matches kernel 3.10 on the
Raspberry Pi
and 3.2 on Debian/Ubuntu. (One submission for 3.8 on Ubuntu matched,
otherwise
this would have been "Fingerprint Linux 3.2 OR 3.10")

Line count went from 78287 to 85180 (+6893, +9%).
Fingerprint count went from 4119 to 4485 (+366, +9%).
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/