IPv6 Fingerprint integration highlights

[Daniel Miller <bonsaiviking () gmail com>]

Only 12 IPv6 fingerprint submissions this quarter, though I managed to
gather a few extra OS X fingerprints myself. We added 3 new groups
(classifications), up to 96 in total, and strengthened or expanded several
existing groups.

-group OpenBSD 5.3
+group OpenBSD 5.3 - 5.8
  Expanded OpenBSD matching to include version 5.8

+group IBM i 7.2
  EBCDIC and IPv6? Yes, indeed!

-group Apple Mac OS X 10.6.8 - 10.9.5 (Snow Leopard - Mavericks) or iOS
4.3.3 - 6.1.3 (Darwin 10.8.0 - 13.4.0)
+group Apple Mac OS X 10.6.8 - 10.7 (Snow Leopard - Lion) or iOS 4.3.3
(Darwin 10.8.0 - 11.3.0)
-group Apple Mac OS X 10.10 (Yosemite) (Darwin 14.0.0 - 14.3.0)
+group Apple Mac OS X 10.9 (Mavericks) - 10.11 (El Capitan) or iOS 6 - 9.1
(Darwin 13.0.0 - 15.3.0)
  By rearranging prints, we were able to distinguish a bit better between
OS X versions. The TCP_WSCALE feature is a strong distinguisher, but the
engine is having trouble noticing it, probably because of a lack of
observations (submissions) relative to other stronger groups. We are
looking into ways of remedying this so that we can split the group and
distinguish individual versions again.

+group Apple Mac OS X 10.10 (Yosemite) - 10.11 (El Capitan) (Darwin 14.0.0
- 15.3.0)
+group Apple Mac OS X 10.9 (Mavericks) (Darwin 13.4.0)
  Two new groups for localhost scans on OS X.

Happy scanning, and please remember to submit IPv6 fingerprints and
corrections!

Dan

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/