Some more fingerprints

[Nickolai Zeldovich <kolya () zepa net>]

Apollo Domain/OS SR10.4:

TSeq(Class=TD%gcd=1%SI=33)
TSeq(Class=RI%gcd=1%SI=2324)
TSeq(Class=TD%gcd=1%SI=33)
T1(Resp=Y%DF=N%W=239C%ACK=S++%Flags=AS%Ops=M)
T1(Resp=Y%DF=N%W=239C%ACK=O%Flags=AS%Ops=M)
T2(Resp=N)
T3(Resp=Y%DF=N%W=239C%ACK=S++%Flags=AS%Ops=M)
T3(Resp=Y%DF=N%W=239C%ACK=O%Flags=AS%Ops=M)
T4(Resp=Y%DF=N%W=239C%ACK=O%Flags=R%Ops=)
T5(Resp=Y%DF=N%W=800%ACK=S++%Flags=AR%Ops=)
T6(Resp=Y%DF=N%W=800%ACK=O%Flags=R%Ops=)
T7(Resp=Y%DF=N%W=800%ACK=S%Flags=AR%Ops=)
PU(Resp=Y%DF=N%TOS=0%IPLEN=38%RIPTL=134%RIPCK=F%UCK=E%ULEN=134%DAT=E)

Surprisingly, there isn't a matching fingerprint in nmap-os-fingerprints
for FreeBSD 2.2.6 (with all up-to-date patches) yet:

TSeq(Class=RI%gcd=3%SI=40F3)
TSeq(Class=RI%gcd=1%SI=DBA9)
TSeq(Class=RI%gcd=1%SI=D289)
T1(Resp=Y%DF=Y%W=403D%ACK=S++%Flags=AS%Ops=MNWNNT)
T2(Resp=N)
T3(Resp=Y%DF=Y%W=403D%ACK=S++%Flags=AS%Ops=MNWNNT)
T4(Resp=Y%DF=N%W=4000%ACK=O%Flags=R%Ops=)
T5(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=)
T6(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=)
T7(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
PU(Resp=Y%DF=Y%TOS=0%IPLEN=38%RIPTL=148%RIPCK=F%UCK=0%ULEN=134%DAT=E)

Also SunOS 4.1.3_U1 (sun4m):

TSeq(Class=64K)
T1(Resp=Y%DF=N%W=1000%ACK=S++%Flags=AS%Ops=)
T2(Resp=N)
T3(Resp=Y%DF=N%W=1000%ACK=O%Flags=A%Ops=)
T4(Resp=Y%DF=N%W=1000%ACK=O%Flags=R%Ops=)
T5(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=)
T6(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=)
T7(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
PU(Resp=Y%DF=Y%TOS=0%IPLEN=38%RIPTL=148%RIPCK=0%UCK=0%ULEN=134%DAT=E)

SunOS 4.1.1 (sun4c):

TSeq(Class=64K)
T1(Resp=Y%DF=N%W=1000%ACK=S++%Flags=AS%Ops=)
T2(Resp=N)
T3(Resp=Y%DF=N%W=1000%ACK=O%Flags=A%Ops=)
T4(Resp=Y%DF=N%W=1000%ACK=O%Flags=R%Ops=)
T5(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=)
T6(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=)
T7(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
PU(Resp=Y%DF=Y%TOS=0%IPLEN=38%RIPTL=148%RIPCK=E%UCK=0%ULEN=134%DAT=E)

Ascend Max 4048 running +5.0Ap6+:

TSeq(Class=TD%gcd=388%SI=0)
T1(Resp=Y%DF=N%W=800%ACK=S++%Flags=AS%Ops=M)
T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
T3(Resp=Y%DF=N%W=800%ACK=S++%Flags=AS%Ops=M)
T3(Resp=N)
T4(Resp=Y%DF=N%W=0%ACK=S%Flags=R%Ops=)
T5(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=)
T6(Resp=Y%DF=N%W=0%ACK=S%Flags=R%Ops=)
T7(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=)
PU(Resp=Y%DF=N%TOS=0%IPLEN=38%RIPTL=148%RIPCK=E%UCK=E%ULEN=134%DAT=E)

Ascend Max 4048 running +6.0.2+:

TSeq(Class=RI%gcd=1%SI=F886)
TSeq(Class=RI%gcd=1%SI=6066)
TSeq(Class=RI%gcd=1%SI=3FC0)
T1(Resp=Y%DF=N%W=111C%ACK=S++%Flags=AS%Ops=M)
T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
T3(Resp=Y%DF=N%W=111C%ACK=S++%Flags=AS%Ops=M)
T4(Resp=Y%DF=N%W=0%ACK=S%Flags=R%Ops=)
T5(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=)
T6(Resp=Y%DF=N%W=0%ACK=S%Flags=R%Ops=)
T7(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=)
PU(Resp=Y%DF=N%TOS=0%IPLEN=38%RIPTL=148%RIPCK=E%UCK=E%ULEN=134%DAT=E)

DECstation 5000 running Ultrix 4.2:

TSeq(Class=64K)
T1(Resp=Y%DF=N%W=4000%ACK=S++%Flags=AS%Ops=M)
T2(Resp=N)
T3(Resp=Y%DF=N%W=4000%ACK=O%Flags=A%Ops=)
T4(Resp=Y%DF=N%W=4000%ACK=O%Flags=R%Ops=)
T5(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=)
T6(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=)
T7(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
PU(Resp=Y%DF=N%TOS=0%IPLEN=38%RIPTL=148%RIPCK=0%UCK=0%ULEN=134%DAT=E)

SGI O2 running IRIX 6.3:

TSeq(Class=64K)
TSeq(Class=TD%gcd=3E8%SI=3)
TSeq(Class=64K)
T1(Resp=Y%DF=N%W=EF2A%ACK=S++%Flags=AS%Ops=MNWNNT)
T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
T3(Resp=Y%DF=N%W=EF2A%ACK=O%Flags=A%Ops=NNT)
T4(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=)
T5(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=)
T6(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=)
T7(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
PU(Resp=Y%DF=Y%TOS=0%IPLEN=38%RIPTL=148%RIPCK=E%UCK=E%ULEN=134%DAT=E)

I'm also seeing some problems with SunOS 4.1.4 (sun4m) being
mis-identified as SunOS 4.1.1..

-- [ Nickolai Zeldovich // nickolai () zepa net ]