Nmap Development mailing list archives
New OS detection highlights
From: David Fifield <david () bamsoftware com>
Date: Sat, 15 Sep 2007 12:50:41 -0600
Hi,

I just finished integrating about 600 new OS submissions. Here are some that are interesting, unusual, or important.

Apple iPhone mobile phone (Darwin 9.0.0d1)
    The fingerprint is similar to, but distinguishable from, that of Mac OS X.

Linux 2.6.22
    I noticed that fingerprints for 2.6.22 had a significantly higher value for initial sequence number randomness. If this holds up, it means we can distinguish 2.6.22 from previous versions.

IPAD-OS
    This is some specialized router OS. The submitter gave a web site: http://www.ipadowners.org/.

IBM OS/390 V2

AmigaOS 3.9 BB2
    Neat. According to my research, BB2 is BoingBag 2, which is something like a service pack.

iDirect Protocol Processor (Red Hat Enterprise Linux 3)
    Here's what the submitter had to say: "This is a part of the iDirect satellite hub system, responsible for processing IP data into the custom layer-2 protocol used to communicate with iDirect Hub Line Cards (HLC) for transmission to a geosynchronous satellite." It's distinguishable from other Red Hat fingerprints.

Microsoft Windows Mobile 6 Classic

lwIP 1.1.0 lightweight TCP/IP stack
    This is a TCP/IP stack for microcontrollers. See http://www.sics.se/~adam/lwip/.

SCO UNIX 3.2v5.0.7

GNU Hurd 0.3
    Sweet! This is our first Hurd submission in the second-gen database. The version number came from the submitter; I wasn't sure about it because the Hurd web page says they don't have formal releases.

Sensatronics E4 temperature monitor

Apple Mac OS X 10.4.10 (Tiger) (Darwin 8.10.0 - 8.10.1)
    This wouldn't be noteworthy (we already have lots of OS X fingerprints) except that some 10.4.10 fingerprints have really large (> 0x1000000) values for their GCD attribute. Does anyone know anything about this? Is there a new algorithm Apple's using?

The database grew 19% from 12383 to 14713 lines. We now have 826 signatures. Keep them coming!

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
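
The message above mentions two sequence attributes: ISN randomness (taken here to mean Nmap's SP value) and GCD. This added example, which is not part of the original post and not Nmap's own code, computes both from a list of ISNs following the method described in Nmap's second-generation OS detection documentation. The sample ISNs are constructed, the function names are hypothetical, and the 0.1 s probe spacing and use of the sample standard deviation are assumptions.

```python
import math
import statistics
from functools import reduce

MOD = 1 << 32          # TCP sequence numbers are 32-bit
PROBE_INTERVAL = 0.1   # seconds between SEQ probes (assumed constant here)

def isn_diffs(isns):
    """Distance between consecutive ISNs, taking the shorter way round the 32-bit wrap."""
    diffs = []
    for prev, cur in zip(isns, isns[1:]):
        forward = (cur - prev) % MOD
        diffs.append(min(forward, MOD - forward))
    return diffs

def seq_gcd(isns):
    """GCD attribute: greatest common divisor of the ISN differences."""
    return reduce(math.gcd, isn_diffs(isns))

def seq_sp(isns):
    """SP attribute: 8 * log2 of the standard deviation of the ISN rates."""
    if len(isns) < 4:                      # too few responses to judge
        return None
    gcd = seq_gcd(isns)
    rates = [d / PROBE_INTERVAL for d in isn_diffs(isns)]
    if gcd > 9:                            # small GCDs are treated as chance
        rates = [r / gcd for r in rates]
    dev = statistics.stdev(rates)          # sample std-dev (assumption)
    return 0 if dev <= 1 else round(8 * math.log2(dev))

# Constructed ISN samples (six SYN/ACK responses each), not captured traffic.
SAMPLES = {
    "fixed increment": [1000 + 64000 * i for i in range(6)],
    "large stride":    [0x2000000 * k for k in (1, 4, 9, 11, 18, 22)],
    "randomized":      [305419896, 1164413355, 2271560481,
                        3203334144, 4042322160, 573785173],
}

def report():
    """Return {sample name: (GCD, SP)} for every constructed sample."""
    return {name: (seq_gcd(isns), seq_sp(isns)) for name, isns in SAMPLES.items()}

if __name__ == "__main__":
    for name, (gcd, sp) in report().items():
        print(f"{name:16} GCD={gcd:#x} SP={sp:#x}")
```

A stack that steps its ISN in large fixed strides shows a large GCD and a low SP, while a randomized generator shows GCD 1 and a high SP, which is the kind of difference the fingerprint database records.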