Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos network security services platform







Nmap Development: Re: Fyodor, I would like to have your point of vue on SinFP tool

Re: Fyodor, I would like to have your point of vue on SinFP tool

From: GomoR <nmap-hackers_at_gomor.org>
Date: Sat, 13 May 2006 14:06:00 +0200

On Fri, May 12, 2006 at 05:41:56PM -0700, Fyodor wrote:
[..]
> No, I think it is entirely appropriate here. Thanks for posting, even

Perfect.

> though I was already familiar with SinFP. I took a look at it in
> March while Zhao Lei and I were working on a 2nd generation
> fingerprinting system for Nmap.

Thank you ;)

> It is a great little tool, though I
> dispute the web page statement that Nmap's "approach to OS
> fingerprinting is becoming to be obsolete" due to "stateful filtering
> devices, PAT/NAT configurations and emerging packet normalization
> technologies".

Yes, and I need to apologies for that. When I released it the first
time (on june 2005), I got nearly zero replies. And the one I received
were not useful.

So, I changed my mind, and resolved to use marketting wording, to
trick people into trying SinFP. It is not simple to change user
habits.

> I agree that those obstacles can be a challenge, but
> Nmap is pretty resilient to most of this. It has to be, given that
> people use it across just about every sort of network available. But
> I hope the new system will be even more powerful.

Well, I used to work for a company that developped a vulnerability
scanner. And when you see nmap giving Turtle OS, when it is, in fact,
a classical Linux, you change your mind. But I am not here to start
a troll or flamewar.

Just to finish on this subject; I will add:
No response from a probe is not meaningful. We cannot conclude anything.
No bug report from users is not meaningful. We cannot conclude anything.

> I hope to release a
> paper very soon to nmap-dev documenting that upcoming system. We
> would of course appreciate your input.

And I will be very glad to comment on it, to help make nmap better.

> Cheers,
> -F

 --
 ^ ___ ___ http://www.GomoR.org/ <-+
 | / __ |__/ Systems & Security Engineer |
 | \__/ | \ ---[ zsh$ alias psed='perl -pe ' ]--- |
 +--> Net::Packet <=> http://search.cpan.org/~gomor/ <--+

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Received on May 13 2006

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]