Nmap Development mailing list archives

Re: FP_NOVELTY_THRESHOLD used in IPv6 OS detection


From: David Fifield <david () bamsoftware com>
Date: Tue, 17 Feb 2015 07:42:21 -0800

On Tue, Feb 17, 2015 at 10:32:55AM +0100, Alexandru Geana wrote:
> Hello nmap devs,
>
> I am currently in the process of exploring how nmap does OS probing and
> detection over IPv6. I have a pretty good understanding of the
> underlying concepts, but there is still one thing I don't get.
>
> The novelty detection feature has a threshold which is set to 15 as
> explained in [1] and also visible in FPEngine.h [2]. How was this value
> calculated/chosen?

It was just trial and error with our library of IPv6 samples. We get new
submissions from time to time, and we tried to set the threshold so that
the submissions that were truly different were detected as such.

You can find some information in the comment above the novelty_of
function in FPEngine.cc.

David Fifield
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/

