Nmap Development mailing list archives
Re: Nessus's Nmap competitor
From: doug () hcsw org
Date: Wed, 3 Sep 2008 13:21:28 -0700
On Tue, Sep 02, 2008 at 11:18:23PM -0300 or thereabouts, Arturo 'Buanzo' Busleiman wrote:
DePriest, Jason R. wrote:How useful is port grouping based fingerprinting for something other than Windows?I wished I had saved logs for this, but I had a situation with two linux servers, different kernel versions/distros. The NAT was a linux machine with services, and other ports were forwaded to another machine. Port grouping helped narrow down the possibilities to almost exact matchings.
This is a very interesting use of QSCAN, thanks for bringing it up. You will probably get confusing results at best if you run OS detection against a host with ports being forwarded to multiple different machines. I wonder if it would be possible to embed median round-trip time in the OS fingerprint so that at least we could try to avoid polluting the DB in such cases. Or maybe this isn't that big an issue--I have never integrated OS FPs so I dunno for sure. Best, Doug
Attachment:
signature.asc
Description: Digital signature
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Nessus's Nmap competitor Fyodor (Sep 02)
- RE: Nessus's Nmap competitor Andrew J. Sledge (Sep 02)
- Re: Nessus's Nmap competitor Arturo 'Buanzo' Busleiman (Sep 02)
- Re: Nessus's Nmap competitor DePriest, Jason R. (Sep 02)
- Re: Nessus's Nmap competitor Arturo 'Buanzo' Busleiman (Sep 02)
- Re: Nessus's Nmap competitor doug (Sep 03)
- Re: Nessus's Nmap competitor DePriest, Jason R. (Sep 02)