Nmap Development mailing list archives

Other useless OS detection tests?


From: David Fifield <david () bamsoftware com>
Date: Thu, 12 Mar 2009 16:12:39 -0600

On Thu, Mar 12, 2009 at 03:33:36PM -0600, David Fifield wrote:
Fyodor noticed that every single reference fingerprint in nmap-os-db
that had a result of the IE.DLI test had the value S.

I read in the TODO:

  o Are there other "useless" tests in nmap-os-db?  It is worth
    checking, IMHO.

I wrote a script to measure how much each OS detection test varies in
nmap-os-db. It ranks each test by the number of distinct values it takes
on. The results are attached. You can ignore the *.R tests; they only
take on two values so they can't get very diverse.

The only potentially "useless" tests are IE.DLI, IE.SI, and U1.RUL. As
you can see, IE.DLI and IE.SI only ever take on one value, and U1.RUL
was 0 only 1 time out of 1658.

IE.DLI=S     1656

IE.SI=S      1655

U1.RUL=G     1657
U1.RUL=0     1

http://nmap.org/book/osdetect-methods.html#osdetect-dl
http://nmap.org/book/osdetect-methods.html#osdetect-si
http://nmap.org/book/osdetect-methods.html#osdetect-ruck

David Fifield

Attachment: fp-diversity.txt
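
An added example, not part of the original post and not the attached script: one way to run this kind of diversity count over text in nmap-os-db syntax. The sample database is constructed, the function names are hypothetical, and counting each value expression as written (ranges and `|` alternatives not expanded) is an assumption.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in nmap-os-db syntax; not real reference fingerprints.
SAMPLE_DB = """\
MatchPoints
IE(R=50%DFI=40%CD=100%SI=100%DLI=100)

Fingerprint Constructed OS A
Class Vendor | OS | A | general purpose
U1(R=Y%DF=N%RUL=G%RUD=G)
IE(R=Y%DFI=N%CD=S%SI=S%DLI=S)

Fingerprint Constructed OS B
U1(R=Y%DF=Y%RUL=G%RUD=I)
IE(R=Y%DFI=S%CD=Z%SI=S%DLI=S)

Fingerprint Constructed OS C
U1(R=N)
IE(R=Y%DFI=N|S%CD=S%SI=S%DLI=S)
"""

TEST_LINE = re.compile(r"^([A-Z0-9]+)\((.*)\)$")

def tally(db_text):
    """Map 'PROBE.ATTR' -> Counter of value expressions seen in fingerprints."""
    counts, in_fp = defaultdict(Counter), False
    for line in map(str.strip, db_text.splitlines()):
        if line.startswith("Fingerprint "):
            in_fp = True
        elif not line or line.startswith("MatchPoints"):
            in_fp = False  # blank line ends a block; MatchPoints holds weights
        m = TEST_LINE.match(line) if in_fp else None
        if m:
            for pair in filter(None, m.group(2).split("%")):
                attr, _, value = pair.partition("=")
                counts[f"{m.group(1)}.{attr}"][value] += 1
    return counts

def rank(counts):
    """Least diverse first: sort by number of distinct values, then name."""
    return sorted(counts.items(), key=lambda kv: (len(kv[1]), kv[0]))

def constant_tests(counts):
    """Tests with one value everywhere, ignoring *.R as the post suggests."""
    return [n for n, c in rank(counts) if len(c) == 1 and not n.endswith(".R")]

if __name__ == "__main__":
    for name, c in rank(tally(SAMPLE_DB)):
        print(f"{name:8} {len(c)} distinct  {dict(c)}")
```
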