Nmap Hackers: Re: Linux 2.0.36 detected as 2.0.35

From: Lucid Dream <lucid_at_unixgeeks.org>
Date: Wed, 16 Dec 1998 20:35:39 +0000 ( )

You're not, perchance, running redhat linux are you? Redhat released kind
of a premature kernel for 2.0.36 with RH 5.2. They later corrected this
(updates.redhat.com).

-----------------
Lucid Dream
www.unixgeeks.org

On Wed, 16 Dec 1998, Mario Camou wrote:

> Hi,
>
> Just to say, Linux running kernel 2.0.36 is erroneously detected as 2.0.35,
> here's the fingerprint for 2.0.36:
>
> Remote operating system guess: Linux 2.0.35
> OS Fingerprint:
> T1(Resp=Y%DF=N%W=7FE0%ACK=S++%Flags=AS%Ops=ME)
> T2(Resp=N)
> T3(Resp=Y%DF=N%W=7FE0%ACK=S++%Flags=ASF%Ops=ME)
> T4(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=)
> T5(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=)
> T6(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=)
> T7(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
> PU(Resp=Y%DF=N%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
>
> Here's the fingerprint for a 2.0.35 box:
>
> Remote operating system guess: Linux 2.0.35
> OS Fingerprint:
> TSeq(Class=TR)
> T1(Resp=Y%DF=N%W=7FE0%ACK=S++%Flags=AS%Ops=ME)
> T2(Resp=N)
> T3(Resp=Y%DF=N%W=7FE0%ACK=S++%Flags=ASF%Ops=ME)
> T4(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=)
> T5(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=)
> T6(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=)
> T7(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
> PU(Resp=Y%DF=N%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
>
> They look the same! What to do then?
>
> -Mario.
>
Received on Dec 16 1998