Nmap Development mailing list archives

IPv4 OS Fingerprint Integration Highlights


From: Daniel Miller <bonsaiviking () gmail com>
Date: Thu, 29 Oct 2015 08:33:07 -0500

It's that time again! We processed your IPv4 OS fingerprint submissions
from February through September (1065 of them) and here are the results:

Line count went from 90388 to 94870 (+4482, +5%).
Fingerprint count went from 4766 to 4985 (+219, +5%).

The next part could be surprising, but we had good reason to shake up the
vendor/family combinations this go-around. We use the Vendor portion of the
Class line to report both OS vendor (like Microsoft, Apple, Linux, etc.)
and hardware vendor (Apple, Xerox, AXIS, etc.). In some cases, we know both
of these: if a router is running embedded Linux, we used to report this as
"Class Linksys | Linux | 2.4.X | broadband router" for instance. We changed
that so that the same device will now have two Class lines: "Class Linux |
Linux | 2.4.X | broadband router" and "Class Linksys | embedded ||
broadband router". This makes it easier for our automatic CPE [1] generator
script to extract appropriate OS and hardware info, and also makes it
easier to see what OSs are really represented in a scan. This is the reason
you see so many new "embedded" families and so many deleted Linux, VxWorks,
Windows, etc. below:

New vendor/family combinations:
Aerohive HiveOS, AirMagnet embedded, Airnet embedded, Avaya Communication
Manager, BT embedded, Bomara embedded, Burny embedded, Ceedtec embedded,
Check Point GAiA OS, Chip PC embedded, Citrix XenServer, Cobalt embedded,
Compal embedded, CyanogenMod CyanogenMod, Datalogic embedded, Dell DRAC,
Dell iDRAC, Dick Smith Electronics embedded, Digium embedded, DirecTV
embedded, Draytek embedded, Drobo embedded, Eaton embedded, Emerson
embedded, Endian embedded, Excito embedded, Foscam embedded, Free embedded,
Fuji embedded, Gargoyle Gargoyle, Gennet embedded, Genua embedded,
Hikvision embedded, IGEL embedded, IO-Data embedded, IPCop IPCop, IPCop
embedded, IPFire IPFire, ISS embedded, Infomir embedded, Instar embedded,
Kemp embedded, LaCie embedded, LifeSize embedded, Logitech embedded,
Macsense embedded, Meinberg embedded, Microsoft Windows Mobile, Mitrastar
embedded, NodeMCU embedded, Nokia embedded, Nomadix embedded, Olympus
embedded, OnStor embedded, Oracle Virtualbox, Precise Software Technologies
MQX, Promise embedded, Rigol Technologies embedded, SEH embedded, Secure
Computing embedded, Star Track embedded, Starbridge Networks embedded,
Synology DiskStation Manager, TP-Link embedded, Trane embedded, Ubiquiti
AirOS, Ubiquiti embedded, VIPA embedded, VMware ESXi, Vilar embedded,
WebSense embedded, XEU.com eComStation, Yealink embedded, eCosCentric eCos.

Removed vendor/family combinations:
3Com VxWorks, AXIS Linux, Actiontec Linux, Aerohive embedded, AirMagnet
Linux, Airnet ThreadX, Alcatel-Lucent Linux, Arris VxWorks, Asus Linux,
Avaya Linux, Avaya VxWorks, BT Windows, Belkin Linux, Bomara Linux, Burny
Windows, Ceedtec Linux, Check Point Linux, Chip PC Linux, Cisco Android,
Cisco Linux, Cisco VxWorks, Cisco Windows, Cisco eCos, Citrix Linux, Cobalt
Linux, Connected Data Linux, D-Link Linux, D-Link ThreadX, Datalogic
Windows, Dell Linux, Dell VxWorks, Dick Smith Electronics VxWorks, Digium
Linux, DirecTV Linux, DrayTek Linux, Endian Linux, Enterasys Linux, Epson
Linux, Excito Linux, Fortinet Linux, Foscam Linux, Free Linux, Fuji
Windows, Fujitsu Siemens Windows, GalaxyMetalGear Linux, Gargoyle Linux,
Gennet Linux, Genua OpenBSD, HP Linux, HP VxWorks, HP eCos, HTC Windows,
Hikvision Linux, Huawei Linux, Huawei VxWorks, IGEL Linux, IO-Data Linux,
IPCop Linux, IPFire Linux, ISS Linux, Icy Box Linux, Infomir Linux, Instar
Linux, Intermec Windows, Iomega Linux, Juniper Windows, Kemp Linux, LG
Linux, LaCie Linux, LaCie Windows, Lantronix Linux, LifeSize Linux, Linksys
Linux, Linksys VxWorks, Logitech Linux, MRT Linux, Macsense Linux, Meinberg
Linux, MikroTik Linux, MitraStar Linux, Mobotix Linux, MontaVista Linux,
Motorola Linux, Motorola VxWorks, Motorola Windows, Motorola eCos, NAS4Free
FreeBSD, Netgear Linux, Netgear VxWorks, Netgear eCos, Neuf VxWorks, Nokia
Linux, Nortel VxWorks, ONStor OpenBSD, OpenVZ Linux, Oracle Linux, Philips
Linux, ProVision Linux, Promise Linux, Q-SEE Linux, QNAP Linux, RGB
Networks Linux, Radware embedded, Roku Linux, Scientific Atlanta eCos,
Secure Computing Linux, ShoreTel Linux, Sony FreeBSD, Sony Linux, Star
Track Linux, Starbridge Networks Linux, Stratacache Linux, Sun VxWorks,
Supermicro Linux, Symantec Linux, Symbol Windows, Synology Linux, TRENDnet
ThreadX, Tenda VxWorks, Thomson eCos, Toshiba Linux, Ubiquiti Linux,
Vegastream ThreadX, Vilar Linux, WebSense Linux, Western Digital Linux,
Wyse Linux, ZTE Linux, ZyXEL Linux, eCos eCos, iDirect Linux.

OS X 11
iOS 9
Android 5.1
FreeBSD 11.0
Linux 4.1
Windows Server 2012 R2
Windows 10 build 10240
OpenBSD 5.7
  New fingerprints for various updated OSs. We're still sorting out how to
report Windows 10, since Microsoft has indicated that they will be using a
rolling update system. For now, since we only have a small number of
submissions, we're reporting the build number along with the version.

https://en.wikipedia.org/wiki/VMware_ESX#Versions
+Class VMware | ESX Server | 5.X | specialized
+Class VMware | ESXi | 6.X | specialized
  ESX and ESXi are separate systems, but they were being classified as the
same ("ESX Server"). Going forward, they will be reported correctly.

+Fingerprint Burny CNC controller (Microsoft Windows XP Embedded)
  Nothing like commanding a plasma beam to cut your name into something on
the other side of the world. :)


+Fingerprint JTEKT Toyopuc PC10 programmable logic controller
+Fingerprint Trane Tracer SC building controller
+Fingerprint VIPA PLC CPU
  SCADA and ICS were well-represented again.

+Fingerprint Microsoft Windows Embedded Standard 7
+Fingerprint Microsoft Windows Embedded POSready 7
  Even Microsoft is in the embedded OS business. We'll see if these remain
distinguishable from vanilla Windows 7 as we get more submissions.

+Fingerprint NodeMCU firmware (lwIP stack)
  This was previously reported as "Espressif WiFi system-on-a-chip" but
NodeMCU is more properly the software that is running on it.

+Fingerprint Cobalt Qube 2700WG (Linux 2.0.34)
  A blast from the past! Wikipedia says this was first released in 1998.
https://en.wikipedia.org/wiki/Cobalt_Qube

+Fingerprint DEC TOPS-20 7.1
+Fingerprint HP OpenVMS 6
  For the mainframe-lovers in your life.

And of course a slew of switches, printers, home routers, DVRs, IPMI
on-board controllers, and odd OS configurations that always roll in. Happy
scanning!

Dan

[1] https://nmap.org/book/output-formats-cpe.html
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
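
Added example (not part of the original message and not Nmap's own code): a short parser for the two-Class-line convention described above, separating the OS Class line from the hardware-vendor line and counting real OS families. The Fingerprint names in the sample are constructed, and treating the family "embedded" as the marker of a hardware-vendor line is an assumption drawn from the message's wording.

```python
from collections import Counter

# Constructed sample in nmap-os-db layout. The Class lines are the ones quoted
# in the message; the Fingerprint names are made up for this example.
SAMPLE_DB = """\
Fingerprint Example broadband router (constructed)
Class Linux | Linux | 2.4.X | broadband router
Class Linksys | embedded || broadband router

Fingerprint Example hypervisor (constructed)
Class VMware | ESXi | 6.X | specialized
"""

def parse_class(line):
    """Parse 'Class vendor | family | generation | device type'."""
    fields = [f.strip() for f in line[len("Class"):].split("|")]
    if len(fields) != 4:
        raise ValueError(f"malformed Class line: {line!r}")
    vendor, family, generation, device_type = fields
    # '||' means the generation field is empty, as on the hardware line.
    return {"vendor": vendor, "family": family,
            "generation": generation or None, "type": device_type}

def parse_db(text):
    """Map each Fingerprint name to its list of parsed Class lines."""
    db, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Fingerprint "):
            current = db.setdefault(line[len("Fingerprint "):], [])
        elif line.startswith("Class ") and current is not None:
            current.append(parse_class(line))
    return db

def split_classes(classes):
    """Separate OS classes from hardware-vendor ('embedded') classes."""
    hardware = [c["vendor"] for c in classes if c["family"] == "embedded"]
    os_info = [(c["vendor"], c["family"], c["generation"])
               for c in classes if c["family"] != "embedded"]
    return {"os": os_info, "hardware": hardware}

def os_family_counts(db):
    """Count fingerprints per real OS family, ignoring 'embedded' lines."""
    counts = Counter()
    for classes in db.values():
        counts.update({fam for _, fam, _ in split_classes(classes)["os"]})
    return counts

if __name__ == "__main__":
    db = parse_db(SAMPLE_DB)
    for name, classes in db.items():
        print(name, split_classes(classes))
    print(os_family_counts(db))
```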
