Nmap Development mailing list archives

Re: NMAP OS Guessing Tweak
From: Brandon Enright <bmenrigh () ucsd edu>
Date: Wed, 14 Jan 2009 21:01:39 +0000

On Wed, 14 Jan 2009 10:39:45 -0500
"Juengling, Kurt W" <juengling () att com> wrote:

> Running NMAP 4.62.  Intense scan against a remote Windows 2000 web
> host. NMAP correctly reports Microsoft IIS webserver 5.0 as running
> on TCP 80, then guesses that the OS is XP SP2 (88% confidence).   May
> consider tweaking the heuristics to equate IIS 5.0 with Windows 2000
> Server, and XP with IIS 5.1.
>
> Outstanding tool - really enjoy it!
>
> Kurt


Actually the service version scan has no effect on the OS scan.  This
is by design and is covered in the "Nmap Network Scanning" book in
section 8.4 (Fingerprinting Methods Avoided by Nmap, page 189).

Luckily though, service detection does have a way to set the
service-discovered OS via o/.../ on the match line.

This shows up in the output like so:

"Service Info: OS: Unix"

For the most part, services that indicate Windows are just specified as
"Windows".  There are a few services that specify a specific version of
Windows like "Windows 2000".  It would not be hard to change the IIS 5,
5.1, and 6 match lines to provide a little more detail.

We shouldn't change 5.0 to be "Windows 2000 Server" because "Server"
isn't always accurate.  Also, if I recall correctly, IIS 5.1 could
appear on more than just Windows XP (server 2003?).

If you cook up a patch to nmap-service-probes that prints more detailed
(and accurate) information I'm sure we'll accept it.

Brandon


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
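
The o/.../ field described in the message above, as an added example that is not part of the original post or of Nmap's code: a small Python parser for match lines in the nmap-service-probes syntax that reports the service-discovered OS. The two match lines and both banners are constructed for illustration (not copied from Nmap's file), the function names are hypothetical, and Python's `re` stands in for the PCRE engine Nmap uses.

```python
import re

# Constructed match lines in nmap-service-probes syntax (not copied from Nmap's file).
# The IIS 5.0 line comes first: the first line whose regex matches is the one used.
SAMPLE_LINES = [
    r"match http m|^HTTP/1\.[01] \d+ [^\r\n]*\r\n(?:[^\r\n]+\r\n)*?Server: "
    r"Microsoft-IIS/5\.0\r\n| p/Microsoft IIS httpd/ v/5.0/ o/Windows 2000/",
    r"match http m|^HTTP/1\.[01] \d+ [^\r\n]*\r\n(?:[^\r\n]+\r\n)*?Server: "
    r"Microsoft-IIS/([\d.]+)\r\n| p/Microsoft IIS httpd/ v/$1/ o/Windows/",
]
# Constructed HTTP response headers used as sample input.
IIS50 = "HTTP/1.1 200 OK\r\nServer: Microsoft-IIS/5.0\r\nContent-Length: 0\r\n\r\n"
IIS51 = "HTTP/1.1 200 OK\r\nContent-Length: 0\r\nServer: Microsoft-IIS/5.1\r\n\r\n"


def parse_match_line(line):
    """Split 'match <service> m<d>regex<d>[opts] <fields>' into its parts."""
    directive, service, rest = line.split(None, 2)
    if directive != "match" or not rest.startswith("m"):
        raise ValueError("not a match line")
    delim = rest[1]                      # any character may delimit the regex
    end = rest.index(delim, 2)           # assumes the delimiter is absent from the regex
    opts, _, info = rest[end + 1:].partition(" ")
    flags = (re.I if "i" in opts else 0) | (re.S if "s" in opts else 0)
    # A version field is a letter, a delimiter, the value, then the same delimiter.
    fields = {m.group(1): m.group(3)
              for m in re.finditer(r"(?:^|\s)([pvihod])(\S)(.*?)\2", info)}
    return service, re.compile(rest[2:end], flags), fields


def service_info(banner, lines=SAMPLE_LINES):
    """Return the fields of the first matching line, with $N filled from the regex."""
    for line in lines:
        service, regex, fields = parse_match_line(line)
        hit = regex.search(banner)
        if hit:
            def fill(value):
                return re.sub(r"\$(\d)", lambda g: hit.group(int(g.group(1))) or "", value)
            return {"service": service, **{k: fill(v) for k, v in fields.items()}}
    return None


def service_info_line(banner):
    """Format the o/.../ value the way the message shows it in Nmap output."""
    info = service_info(banner)
    return f"Service Info: OS: {info['o']}" if info and "o" in info else None


if __name__ == "__main__":
    print(service_info_line(IIS50))
    print(service_info_line(IIS51))
```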

