mailing list archives
Re: nmap: OS hints from service versions
From: Marek Lukaszuk <m.lukaszuk () gmail com>
Date: Mon, 9 May 2011 11:20:10 +0200
On Mon, May 9, 2011 at 10:50, Vasiliy Kulikov <segooon () gmail com> wrote:
On Sun, May 08, 2011 at 22:47 +0300, Toni Ruottu wrote:
The OS detection is trying to detect the OS of the host. The services
might all be running on different operating systems because of
virtualization and port forwarding.
Doesn't the whole OS detection rely on answers to the probes to the same
ports? In case of port forwarding it is already fooled, isn't it?
Not always, the connection can be proxied, making the OS detection
based on the network responses correct, despite the fact that the
banner can be completely wrong. The problem as I see it is that the
services and the host that we are scanning don't have to be connected,
so I wouldn't draw conclusions from one about the other.
I'm new here, please be gentle :)
Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/