Home page logo

nmap-dev logo Nmap Development mailing list archives

Re: nmap: OS hints from service versions
From: Vasiliy Kulikov <segooon () gmail com>
Date: Fri, 13 May 2011 22:53:53 +0400

On Wed, May 11, 2011 at 19:11 -0700, Fyodor wrote:
Rather than pass the tips to Nmap's OS detection system, version
detection itself has a system for printing the likely OS.  Keeping the
systems separate helps in cases where you have a target host running
one OS while forwarding requests to certain ports to other machines.

Keeping them separate makes sense.

Service Info: OS: Linux

Are you sure you didn't get that?  The Debian SSH match line seems to
set the "Linux" OS characteristic:

match ssh m|^SSH-([\d.]+)-OpenSSH_([\w._-]+)[ -]{1,2}Debian[ -_]([^\r\n]+)\r?\n| p/OpenSSH/ v/$2 Debian $3/ 
i/protocol $1/ o/Linux/

Yes, I get it.  However, I see no kernel version hint.  It is a hint
only (because one might setup a customized kernel), but a valuable hint.
Debian Lenny _likely_ has Linux 2.6.26, a server running "OpenSSH 5.3p1
Debian 3ubuntu6" likely runs Ubuntu 10.04 with kernel 2.6.32.  Such a
matching would be very usefull.


Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]