mailing list archives
Re: TCP Sequence
From: Brandon Enright <bmenrigh () ucsd edu>
Date: Sun, 21 Oct 2007 07:36:27 +0000
-----BEGIN PGP SIGNED MESSAGE-----
On Thu, 18 Oct 2007 13:12:02 +0200 plus or minus some time Mohamed Abdel
Kader <mak.pen () gmail com> wrote:
Been using nmap for as long as I remember but recently starting to see a
problem with the TCP sequence algorithm.
Using nmap 4.2 under xp the TCP sequence class comes up as trivial time
dependency, with the difficulty being trivial joke.
However when I used the alpha release (4.22 SOC7) the class became truly
random with a difficulty of "Good Luck"!
Which is more reliabe? Does the alpha release contain improvements in
detecting the TCP sequence algorithm in use?
Thanks a million Fyodor!
The bug in 4.20 was fixed (as you have seen). The problem was that when
the second-gen OS detection was added, the difficulty numbers were changed
to much lower values and the ranges for each class (Trivial Joke, Worthy
Challenge, Good Luck, etc) were lowered with the numbers. The problem
shows up in 4.20 only when the first-gen OS detection is run because some
debug code related to the numbering and naming was left in.
If you want to use first-gen detection still, you'll need to update to one
of the pre-release versions. Otherwise, you can force Nmap 4.20 to just
use gen-2 by doing -O2 and your numbers and names will be accurate.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
-----END PGP SIGNATURE-----
Sent through the nmap-dev mailing list
Archived at http://SecLists.Org
- TCP Sequence Mohamed Abdel Kader (Oct 20)
- Re: TCP Sequence Brandon Enright (Oct 21)