Nmap Development mailing list archives

Fwd: Help needed: hunting down OS fingerprints


From: Jacek Wielemborek <wielemborekj1 () gmail com>
Date: Wed, 6 Nov 2013 21:56:21 +0100

Hi guys,

For the last three weeks so far I have been doing research on Internet
Census 2012 TCP/IP fingerprints data set. While my report is not yet
ready, I decided to share one of my findings with you earlier.

Today I grepped the data set looking for G=Y fingerprints. I noticed
that out of 80 million fingerprints, only about 50 000 were
suitable for submission. I tried to match them against nmap-os-db from
r32431 and found that 32663 of them had no perfect matches and 11 had
none. Since they could be potentially useful for the Nmap Project, I
decided to share them with you.

I attach a link with the excerpts from original Internet Census 2012
data set. The first two columns are real IP addresses and timestamps -
I kept them in case they proved useful. The third column is a
comma-separated list of top three matches in format "LLL[AAA]", where
LLL is the line number in nmap-os-db r32431 (could be off by one) and
AAA is the accuracy percentage.

Perhaps we could improve the database by using alternative methods of
OS detection? One could for example try scanning the ports of the
targets or contacting the owners. It would be great to help in Nmap
development.

Yours,
Jacek Wielemborek

PS. The original attachment was too big (300kb), so I put the
uncompressed version online:

http://pastebin.com/d8hZtr1i
http://pastebin.com/A56rWk4v
http://pastebin.com/kSY95Wcx
http://pastebin.com/zW4M2cUY
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
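
A parser for the three-column excerpt format described in the message, added here as an example; it is not part of the original post or of Nmap. It assumes whitespace-separated columns, an empty third column when there are no matches, and that a "perfect" match means an accuracy of 100; the sample rows are constructed.

```python
import re
from collections import Counter

# One entry of the third column: LLL[AAA] = nmap-os-db line number [accuracy %].
MATCH_RE = re.compile(r"(\d+)\[(\d+)\]")

# Constructed sample rows (documentation-range IPs, made-up values).
SAMPLE = """\
192.0.2.10 1340000000 4521[100],4530[97],120[95]
198.51.100.7 1340000100 880[98],881[96],902[91]
203.0.113.5 1340000200
"""

def parse_row(line):
    """Return (ip, timestamp, [(db_line, accuracy), ...]) for one row."""
    fields = line.split(None, 2)  # assumption: columns separated by whitespace
    if len(fields) < 2:
        raise ValueError(f"expected at least IP and timestamp: {line!r}")
    ip, ts = fields[0], fields[1]
    raw = fields[2].strip() if len(fields) == 3 else ""
    matches = []
    for item in filter(None, (p.strip() for p in raw.split(","))):
        m = MATCH_RE.fullmatch(item)
        if m is None:
            raise ValueError(f"bad match token {item!r} in row for {ip}")
        matches.append((int(m.group(1)), int(m.group(2))))
    return ip, ts, matches

def classify(matches):
    """'none' = no candidates, 'perfect' = best is 100%, else 'imperfect'."""
    if not matches:
        return "none"
    return "perfect" if max(acc for _, acc in matches) == 100 else "imperfect"

def summarize(text):
    """Count rows per class; imperfect and none are the submission candidates."""
    counts = Counter()
    for line in text.splitlines():
        if line.strip():
            counts[classify(parse_row(line)[2])] += 1
    return counts

if __name__ == "__main__":
    print(dict(summarize(SAMPLE)))
```
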