Nmap Development mailing list archives

Re: ICMPV6_TYPE and ICMPV6_CODE features for IPv6 OS detection


From: Daniel Miller <bonsaiviking () gmail com>
Date: Fri, 9 Oct 2015 19:14:05 -0500

Alex,

Thanks again for working on this. Applied in r35318.

Dan

On Thu, Aug 20, 2015 at 2:10 PM, Alexandru Geana <alex () alegen net> wrote:

Hello David and list,

After some additional testing and discussion on IRC, it was decided to
add these features to the classification engine.

Attached I am sending patches for the required code in nmap to make use
of the features during fingerprinting.

Best regards,
Alexandru Geana
alegen.net

On 06/12, David Fifield wrote:
Here's a patch that adds support for ICMPV6_TYPE and ICMPV6_CODE
features (only in the Python-based training programs, not yet in
FPEngine.cc).

At the end of this message is a summary of the values of the features in
our current OS database. -- means there was no response. You can see
some interesting trends. For one, all OSes that reply to IE1 do so with
a type of 129 (echo reply), but some reflect the probe's code of 9 and
some always send a code of 0. Everyone dislikes the IE2 probe and
replies with a type of 4 (parameter problem), but some send a code of 0
(erroneous header field), some send 1 (unrecognized Next Header type),
and two versions of OpenBSD send 2 (unrecognized IPv6 option). Many OSes
respond to the NI probe with type 140 (NI reply), but many versions of
Windows send back a type 4 (parameter problem). The responses to NS are
uniformly type 136 (neighbor advertisement) with code 0.

I tried training with and without these features and they seem to have
no effect on accuracy. I'm guessing it's because our existing features
are already


_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
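
Added example, not part of the thread or of Nmap's code: one way to derive the ICMPV6_TYPE and ICMPV6_CODE values discussed above from raw probe responses, walking past IPv6 extension headers and using `--` for a missing response. The function names, the `PROBE.FEATURE` key layout and the sample packets are assumptions constructed for illustration.

```python
import struct

ICMPV6, FRAGMENT = 58, 44
EXT_HEADERS = {0, 43, 60}  # hop-by-hop, routing, destination options

def icmpv6_type_code(packet):
    """Return (type, code) from a raw IPv6 packet, or None if absent."""
    if not packet or len(packet) < 40 or packet[0] >> 4 != 6:
        return None
    nxt, off = packet[6], 40  # Next Header field, end of fixed header
    while nxt in EXT_HEADERS or nxt == FRAGMENT:
        if off + 8 > len(packet):
            return None  # truncated extension header
        if nxt == FRAGMENT:
            if struct.unpack_from("!H", packet, off + 2)[0] >> 3:
                return None  # non-first fragment carries no ICMPv6 header
            hdr_len = 8
        else:
            hdr_len = (packet[off + 1] + 1) * 8  # length in 8-octet units
        nxt, off = packet[off], off + hdr_len
    if nxt != ICMPV6 or off + 2 > len(packet):
        return None
    return packet[off], packet[off + 1]

def features(responses):
    """Map {probe: raw response or None} to features; '--' = no response."""
    out = {}
    for probe in ("IE1", "IE2", "NI", "NS"):
        tc = icmpv6_type_code(responses.get(probe))
        out[probe + ".ICMPV6_TYPE"] = tc[0] if tc else "--"  # assumed key layout
        out[probe + ".ICMPV6_CODE"] = tc[1] if tc else "--"
    return out

def _ipv6(next_header, payload):
    # Constructed header: version 6, hop limit 64, 2001:db8::1 -> 2001:db8::2
    addrs = bytes.fromhex("20010db8" + "00" * 11 + "01" + "20010db8" + "00" * 11 + "02")
    return struct.pack("!IHBB", 6 << 28, len(payload), next_header, 64) + addrs + payload

# Constructed sample responses (checksums zeroed; they are not validated here).
SAMPLE = {
    "IE1": _ipv6(ICMPV6, bytes([129, 9, 0, 0, 0, 1, 0, 1])),  # echo reply, code 9
    "IE2": _ipv6(ICMPV6, bytes([4, 1, 0, 0, 0, 0, 0, 40])),   # parameter problem
    # NI reply behind a destination options header (PadN padding)
    "NI": _ipv6(60, bytes([ICMPV6, 0, 1, 4, 0, 0, 0, 0, 140, 0, 0, 0])),
    "NS": None,  # no response
}

if __name__ == "__main__":
    for name, value in features(SAMPLE).items():
        print(name, value)
```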
