Re: OS fingerprints and virtualization

[Fyodor <fyodor () insecure org>]

On Thu, Nov 15, 2007 at 09:30:40AM -0600, Thomas Buchanan wrote:
> I've been doing some testing with 4.23RC1, specifically against guest
> systems inside VMWare Workstation.  I've been prompted a couple of times
> about submitting OS fingerprints, but I wondered if the virtualization
> could have an impact on the fingerprinting process.  Could the VMWare
> network driver alter the network packets such that the OS fingerprint is
> changed?  What about virtual system under qemu, connected via tun/tap
> drivers?  Has anybody compared OS network signatures from virtualized
> systems to bare metal installations?  
>
> Sorry about all the questions, but I'd rather not submit these
> fingerprints if they don't accurately reflect the true OS network stack.

Hi Thomas.  Good question--it is important not to submit bogus
fingerprints.  But submitting targets running as a VMWare guest is
generally OK.  Qemu is probably OK too.  In both cases, please not the
situation in the comment box and be clear that the virtualized system
is the target.  If the source machine (the OS you are running Nmap on)
is a VMware guest or similar, that is worth noting too.

Cheers,
-F

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org