Nmap Development mailing list archives
Re: mac addies
From: Ido Dubrawsky <idubraws () cisco com>
Date: Mon, 24 Jun 2002 09:08:21 -0500
On Sun, Jun 23, 2002 at 09:15:02PM -0700, Stou Sandalski wrote:
Has anyone looked into using mac addresses in the identification process for OS fingerprinting? It might sound weird but knowing that the nic in the computer is made by Unisys or cray or whatever else, can help narrow down the number of choices?
Not a good idea. Except for certain manufacturers (like Sun, Cray, HP) who have the NICs either on the motherboard or have the PROM override the NIC card's built-in MAC addresses (as is the case with Sun), alot of systems use various NIC cards from different vendors. Aside from the vendors mentioned above, MAC addresses provide no information as to the installed OS on a system. Even on Suns it won't tell you anything more than you are looking at a SPARC because you can run Linux/OpenBSD/NetBSD/FreeBSD on them. Ido -- =============================================================================== |Ido Dubrawsky E-mail: idubraws () cisco com | | |Network Security Engineer :|: :|: |Cisco Secure Consulting Services :|||: :|||: |Cisco Systems, Inc. .:|||||||:..:|||||||:. |Austin, TX. 78759 =============================================================================== --------------------------------------------------------------------- For help using this (nmap-dev) mailing list, send a blank email to nmap-dev-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).
Current thread:
- mac addies Stou Sandalski (Jun 23)
- Re: mac addies Ido Dubrawsky (Jun 24)