Nmap Development mailing list archives
Re: TCP_WINDOW and TCP_MSS correlation as feature
From: Daniel Miller <bonsaiviking () gmail com>
Date: Thu, 21 May 2015 10:53:17 -0500
Alex,

Thanks, this looks good! I think, though, that we can simply use either MISSING or UNKNOWN (both of which become -1 in the feature vector) for the (very unlikely) case where MSS is 0. We only have one fingerprint in our whole IPv4 database that has a MSS of 0, "Fingerprint Dell EqualLogic PeerStorage PS100E NAS device (NetBSD 1.6.2)". This would eliminate the need to include numpy in vectorize.py and float.h in FPEngine.cc.

I am not sure what you are seeing to cause such a high novelty with scanme.nmap.org. My scans are coming back with 5.49. Can you provide the fingerprint you are getting?

I will commit this with these changes pending our discussion later today.

Dan

On Mon, May 11, 2015 at 12:59 PM, Alexandru Geana <alex () alegen net> wrote:
Hello devs,

During one IRC discussion, an idea was brought up to use the correlation between TCP_WINDOW and TCP_MSS as a feature for the IPv6 logistic regression model. Attached to this email I am sending two patches, one for the nmap codebase and another for the ipv6tests folder which adds this new feature.

While testing on scanme.nmap.org, I noticed that the novelty threshold was too low (nmap had the top result with novelty at around 20.8), so I set the FP_NOVELTY_THRESHOLD to 25.

Let me know what you think and if you find any problems with it.

Best regards,
Alexandru Geana
alegen.net

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
Current thread:
- TCP_WINDOW and TCP_MSS correlation as feature Alexandru Geana (May 11)
- Re: TCP_WINDOW and TCP_MSS correlation as feature Daniel Miller (May 21)
- Re: TCP_WINDOW and TCP_MSS correlation as feature Alexandru Geana (May 22)
- Re: TCP_WINDOW and TCP_MSS correlation as feature Alexandru Geana (May 28)
- Re: TCP_WINDOW and TCP_MSS correlation as feature Alexandru Geana (May 22)
- Re: TCP_WINDOW and TCP_MSS correlation as feature Daniel Miller (May 21)