Nmap Development mailing list archives

October 2008 OS detection highlights


From: David Fifield <david () bamsoftware com>
Date: Fri, 14 Nov 2008 14:19:10 -0700

Hi all,

I just finished integrating OS fingerprint submissions and corrections
from October 2008. The database grew 9% from 1503 to 1635 prints. Added
vendors are

AcBel, AirMagnet, AKCP, Alice, Allnet, Arcor, Arris, AVtech, CAEN,
CipherLab, Citrix, Compex, Denon, Eicon, Ericsson, Ingrian, Intermec,
Kongsberg Seatex, Panasas, Peplink, Perfectone, Pirelli, QNAP, RISCOS
Ltd, Sanyo, Sonos, Tenda, Topfield, VxWorks, Zoom.

Here are interesting or noteworthy new fingerprints.

Microsoft Windows for Workgroups 3.11 or Windows 95
        We got two independent submissions for Windows 3.11, both
        matching the same print that previously matched only Windows 95.
        Microsoft completely stopped licensing Windows 3.11 only two
        weeks ago!
        http://blogs.msdn.com/jcoyne/archive/2008/07/09/it-s-the-end-for-3-11.aspx

Cisco Micro Webserver 200, HP WP110 print server, Tektronix TDS3034B oscilloscope, or Xerox Document Centre 405 printer
        The OS database now contains two different oscilloscopes. Too
        bad this one shares a fingerprint with other devices. A page
        about a presumably similar model is
        http://www.tek.com/products/oscilloscopes/tds3000c/.

AKCP sensorProbe2 remote sensor device
        This is an environmental sensor meant to be installed in a
        server room or elsewhere to check for dangerous temperature,
        humidity, etc. http://www.akcpinc.com/company/sensorProbe2.htm

CAEN SY2527 high voltage power supply
        A power supply for physics experiments. Its print is close to
        some Linux 2.0 prints, so this might go away if it turns out to
        be more generic. http://www.caen.it/nuclear/syproduct.php?mod=SY2527

Sony PlayStation 3 game console test kit
        I guess this is what PlayStation developers use. It's fairly
        different from the PlayStation 3 fingerprint.

Apple iPhone mobile phone or iPod touch media player (iPhone OS 2.1)
        Apple has kindly made iPhone OS 2.1 differentiable from previous
        versions. iPhone OS is the Mac OS X derivative that runs on the
        iPhone and iPod touch.

RISCOS Ltd RISC OS 4.39
        I don't know much about this one. It's our first fingerprint
        for this OS. http://www.riscos.com/

Kongsberg Seatex BS410 AIS base station (maritime communication component)
        This is a shore-based base station for the Automatic
        Identification System (AIS) used to track water vessels. It
        communicates with complementary units onboard ships.
        http://www.km.kongsberg.com/ks/web/nokbg0240.nsf/AllWeb/557FADD4A733E1BFC1256F030033759B?OpenDocument
        http://en.wikipedia.org/wiki/Automatic_Identification_System

Linux 2.6.27
        This is really interesting. The Linux TCP option code was
        rewritten in 2.6.27, and as a side effect the order of options
        was changed. This is great for OS detection: when 2.6.26 uses
        "M5B4ST11NW5" and 2.6.27 uses "ST11M5B4NW5" it's easy to tell
        them apart. However the change seems to have been incompatible
        with some (broken) networking equipment and caused connectivity
        problems for users:
                http://lwn.net/Articles/304791/
                https://bugs.launchpad.net/linux/+bug/264019
        So a change was made to put the options back in the original
        order:
                http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git;a=commitdiff;h=fd6149d332973bafa50f03ddb0ea9513e67f4517
        I haven't seen any 2.6.28 fingerprints yet but if the options
        really are in the original order we may have non-contiguous
        Linux kernel ranges like "2.6.20 - 2.6.26, 2.6.28" in the OS
        database.

CipherLab 5100 time and attendance terminal
        This is a timeclock employees punch into and out of to keep
        track of working hours. It also can be used for building access
        control. http://www.cipherlab.com/catalog.asp?CatID=59&ProdID=41

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
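
Added example (not part of the original message and not Nmap's own code): a small parser for the two TCP option strings quoted in the Linux 2.6.27 item, showing that both kernels send the same options with the same values and differ only in order. The function names are hypothetical; the letter codes follow the notation Nmap documents for its O1-O6 option tests.

```python
import re
from collections import Counter

# Option codes in Nmap's O-test notation:
#   L = end of options list, N = NOP, S = SACK permitted,
#   M<hex> = MSS, W<hex> = window scale,
#   T<b><b> = timestamp; each binary digit says whether TSval / TSecr is nonzero.
_TOKEN = re.compile(r"L|N|S|M([0-9A-F]*)|W([0-9A-F]*)|T([01])([01])")


def parse_options(optstr):
    """Return the ordered list of (name, value) pairs encoded in an O string."""
    opts, pos = [], 0
    while pos < len(optstr):
        m = _TOKEN.match(optstr, pos)
        if m is None:
            raise ValueError(f"unparseable option at offset {pos}: {optstr[pos:]!r}")
        code = m.group(0)[0]
        if code == "M":
            opts.append(("MSS", int(m.group(1) or "0", 16)))
        elif code == "W":
            opts.append(("WS", int(m.group(2) or "0", 16)))
        elif code == "T":
            opts.append(("TS", (m.group(3) == "1", m.group(4) == "1")))
        else:
            opts.append(({"L": "EOL", "N": "NOP", "S": "SACK"}[code], None))
        pos = m.end()
    return opts


def compare(a, b):
    """Classify how two option strings differ."""
    pa, pb = parse_options(a), parse_options(b)
    if pa == pb:
        return "identical"
    if Counter(pa) == Counter(pb):
        return "same options, different order"
    return "different options"


if __name__ == "__main__":
    old, new = "M5B4ST11NW5", "ST11M5B4NW5"  # strings quoted in the message
    for label, s in (("2.6.26", old), ("2.6.27", new)):
        print(label, [name for name, _ in parse_options(s)])
    print(compare(old, new))
```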