Nmap Development mailing list archives

Re: mac addies


From: Ido Dubrawsky <idubraws () cisco com>
Date: Mon, 24 Jun 2002 09:08:21 -0500

On Sun, Jun 23, 2002 at 09:15:02PM -0700, Stou Sandalski wrote:
> Has anyone looked into using mac addresses in the identification process
> for OS fingerprinting? It might sound weird but knowing that the nic in
> the computer is made by Unisys or cray or whatever else, can help narrow
> down the number of choices?


Not a good idea.  Except for certain manufacturers (like Sun, Cray, HP) who
have the NICs either on the motherboard or have the PROM override the NIC
card's built-in MAC addresses (as is the case with Sun), a lot of systems use
various NIC cards from different vendors.  Aside from the vendors mentioned 
above, MAC addresses provide no information as to the installed OS on a system.
Even on Suns it won't tell you anything more than you are looking at a SPARC 
because you can run Linux/OpenBSD/NetBSD/FreeBSD on them.

Ido
-- 
===============================================================================
                        |Ido Dubrawsky               E-mail: idubraws () cisco com
     |          |       |Network Security Engineer
    :|:        :|:      |Cisco Secure Consulting Services
   :|||:      :|||:     |Cisco Systems, Inc.
.:|||||||:..:|||||||:.  |Austin, TX. 78759
===============================================================================

