Nmap Development mailing list archives
Re: DH parms fingerprinting, was: Re: IPv4 OS Fingerprint Integration Highlights
From: Daniel Miller <bonsaiviking () gmail com>
Date: Thu, 24 Nov 2016 17:00:28 -0600
Frank,

You may be interested in our ssl-dh-params script, written by Jacob Gajek in the wake of the WeakDH/LOGJAM vulnerability announcement. In addition to reporting vulnerability to those issues, it also matches known parameters against a database and reports on their source.

I tested your hash for IronPort and confirmed that that one is missing from our database; we would be grateful if you would be willing to extend what we have with your findings.

Dan

On Thu, Nov 24, 2016 at 12:20 PM, Frank Bergmann <nmap () tuxad com> wrote:

> On Thu, Nov 24, 2016 at 09:58:50AM -0600, Daniel Miller wrote:
> [...]
>
> Hello,
>
> I'm using Daniel's email as an "anchor" to send an email regarding "fingerprinting" (see below).
>
> Short introduction of myself: I subscribed to the dev list several weeks (or months) ago. I live in Germany and have worked with Apple and *nix systems for many years. And I'm not a native English speaker as you might already have noticed. ;-)
>
> Now back to "fingerprinting": In the last weeks I discovered that it is sometimes possible to identify software or even hardware (appliances) by just "fingerprinting" the DH parameters. If you make an SSL connection (mostly tested with smtp/starttls) and you get DH parms i.e. with SHA1sum 0de6ac94b35b9a347c85d495d67e6c6f3c79750d then it is haproxy or 7af9dbc91bea633a6769e1dcea63262d2cee4797 for IronPort.
>
> And now my question to the list: Do you think that it makes sense to do more research for "DH parms fingerprinting" and maybe extend nmap with scripts for this?
>
> regards,
> Frank
> _______________________________________________
> Sent through the dev mailing list
> https://nmap.org/mailman/listinfo/dev
> Archived at http://seclists.org/nmap-dev/
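The matching discussed in both messages above, sketched as an added example (not code from ssl-dh-params or from either poster): it parses the `ServerDHParams` body of a TLS ServerKeyExchange, hashes a normalized form of p and g, and looks the result up in a table of known groups. The hash input, the 1024-bit threshold, the helper names, and the sample group and database entry are assumptions constructed for illustration; the SHA-1 values quoted in the thread were computed over an input the post does not specify, so they are not reused here.

```python
import hashlib
import struct

MIN_BITS = 1024  # assumed reporting threshold for a short modulus


def parse_server_dh_params(body: bytes):
    """Parse ServerDHParams (RFC 5246, 7.4.3): dh_p, dh_g, dh_Ys, each 16-bit length-prefixed."""
    values, off = [], 0
    for name in ("dh_p", "dh_g", "dh_Ys"):
        if off + 2 > len(body):
            raise ValueError(f"truncated before {name} length")
        (n,) = struct.unpack_from("!H", body, off)
        off += 2
        if n == 0 or off + n > len(body):
            raise ValueError(f"bad length for {name}")
        values.append(int.from_bytes(body[off:off + n], "big"))
        off += n
    return tuple(values)  # trailing signature bytes, if any, are ignored


def dh_fingerprint(p: int, g: int) -> str:
    """SHA-1 over minimal big-endian p and g, each length-prefixed (assumed encoding)."""
    h = hashlib.sha1()
    for v in (p, g):
        raw = v.to_bytes((v.bit_length() + 7) // 8 or 1, "big")
        h.update(struct.pack("!H", len(raw)) + raw)
    return h.hexdigest()


def classify(body: bytes, known: dict) -> dict:
    """Report modulus size, fingerprint and known source for one handshake body."""
    p, g, _ys = parse_server_dh_params(body)
    fp = dh_fingerprint(p, g)
    return {"bits": p.bit_length(), "fingerprint": fp,
            "source": known.get(fp, "unknown"),
            "short_modulus": p.bit_length() < MIN_BITS}


def encode_field(v: int, pad: int = 0) -> bytes:
    """Build one length-prefixed field; pad adds leading zero bytes some stacks emit."""
    raw = b"\x00" * pad + v.to_bytes((v.bit_length() + 7) // 8, "big")
    return struct.pack("!H", len(raw)) + raw


# Constructed sample: a toy 127-bit group and a made-up database entry.
SAMPLE_P, SAMPLE_G = 2**127 - 1, 2
KNOWN = {dh_fingerprint(SAMPLE_P, SAMPLE_G): "constructed-example-appliance"}
SAMPLE_BODY = (encode_field(SAMPLE_P, pad=1) + encode_field(SAMPLE_G)
               + encode_field(0x1234) + b"signature-bytes")

if __name__ == "__main__":
    print(classify(SAMPLE_BODY, KNOWN))
```

Hashing the integers rather than the raw wire bytes means a leading zero byte on `dh_p` does not change the fingerprint, and `dh_Ys` is excluded because it differs on every handshake.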