Re: DH parms fingerprinting, was: Re: IPv4 OS Fingerprint Integration Highlights

[Daniel Miller <bonsaiviking () gmail com>]

Frank,

You may be interested in our ssl-dh-params script, written by Jacob Gajek
in the wake of the WeakDH/LOGJAM vulnerability announcement. In addition to
reporting vulnerability to those issues, it also matches known parameters
against a database and reports on their source. I tested your hash for
IronPort and confirmed that that one is missing from our database; we would
be grateful if you would be willing to extend what we have with your
findings.

Dan

On Thu, Nov 24, 2016 at 12:20 PM, Frank Bergmann <nmap () tuxad com> wrote:

> On Thu, Nov 24, 2016 at 09:58:50AM -0600, Daniel Miller wrote:
> [...]
>
> Hello,
>
> I'm using Daniel's email as an "anchor" to send an email regarding
> "fingerprinting" (see below).
>
> Short introduction of myself:
> I subscribed the dev list several weeks (or months) ago. I live in Germany
> and
> work with Apple and *nix systems for many years. And I'm not a native
> english
> speaker as you might already have noticed. ;-)
>
> Now back to "fingerprinting":
> In the last weeks I discovered that it is sometimes possible to identify
> software or even hardware (appliances) by just "fingerprinting" the DH
> parameters. If you make an SSL connection (mostly tested with
> smtp/starttls) and
> you get DH parms i.e. with SHA1sum 0de6ac94b35b9a347c85d495d67e6c6f3c79750d
> then
> it is haproxy or 7af9dbc91bea633a6769e1dcea63262d2cee4797 for IronPort.
>
> And now my question to the list:
> Do you think that it makes sense to do more research for "DH parms
> fingerprinting" and maybe extend nmap with scripts for this?
>
> regards,
> Frank
>
> _______________________________________________
> Sent through the dev mailing list
> https://nmap.org/mailman/listinfo/dev
> Archived at http://seclists.org/nmap-dev/
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/