On Wed, Dec 16, 1998 at 02:29:20PM -0600, Mario Camou wrote:
> Hi,
>
> Just to say, Linux running kernel 2.0.36 is erroneously detected as 2.0.35,
> here's the fingerprint for 2.0.36:
>
> Remote operating system guess: Linux 2.0.35
> OS Fingerprint:
> T1(Resp=Y%DF=N%W=7FE0%ACK=S++%Flags=AS%Ops=ME)
> T2(Resp=N)
> T3(Resp=Y%DF=N%W=7FE0%ACK=S++%Flags=ASF%Ops=ME)
> T4(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=)
> T5(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=)
> T6(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=)
> T7(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
> PU(Resp=Y%DF=N%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
>
> Here's the fingerprint for a 2.0.35 box:
>
> Remote operating system guess: Linux 2.0.35
> OS Fingerprint:
> TSeq(Class=TR)
> T1(Resp=Y%DF=N%W=7FE0%ACK=S++%Flags=AS%Ops=ME)
> T2(Resp=N)
> T3(Resp=Y%DF=N%W=7FE0%ACK=S++%Flags=ASF%Ops=ME)
> T4(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=)
> T5(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=)
> T6(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=)
> T7(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
> PU(Resp=Y%DF=N%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
>
> They look the same! What to do then?

They are the same. From what I see here (I have a .35 and .36 which both give
this fingerprint) you can't tell the difference.

Another point: I found that running nmap -O thru a masquerading firewall is
not really reliable :(

Greetz, Peter.
--
'I guess anybody who walks away from a root shell at : Peter van Dijk
a nerd party gets what they deserve!' -- BillSF :peter_at_attic.vuurwerk.nl
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
finger hardbeat_at_flits104-161.flits.rug.nl for my public PGP-key
- --- - --- - --- - --- - --- - --- - --- - --- - --- -
Received on Dec 16 1998
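
The comparison discussed in this thread, as an added example that is not part of the original messages or of nmap's own code: a small parser for the fingerprint lines quoted above that diffs the two reports test by test and attribute by attribute. The function names are hypothetical, and the fingerprint text is copied from the quoted message.

```python
import re

# Fingerprints as quoted in the message (reported 2.0.36 box, then 2.0.35 box).
FP_2_0_36 = """\
T1(Resp=Y%DF=N%W=7FE0%ACK=S++%Flags=AS%Ops=ME)
T2(Resp=N)
T3(Resp=Y%DF=N%W=7FE0%ACK=S++%Flags=ASF%Ops=ME)
T4(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=)
T5(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=)
T6(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=)
T7(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
PU(Resp=Y%DF=N%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
"""
FP_2_0_35 = """\
TSeq(Class=TR)
T1(Resp=Y%DF=N%W=7FE0%ACK=S++%Flags=AS%Ops=ME)
T2(Resp=N)
T3(Resp=Y%DF=N%W=7FE0%ACK=S++%Flags=ASF%Ops=ME)
T4(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=)
T5(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=)
T6(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=)
T7(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
PU(Resp=Y%DF=N%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
"""

LINE_RE = re.compile(r"^(\w+)\((.*)\)$")

def parse_fingerprint(text):
    """Parse 'Test(K=V%K=V...)' lines into {test: {attr: value}}."""
    tests = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.lstrip("> ").rstrip())  # tolerate mail quoting
        if not m:
            continue  # headers such as 'OS Fingerprint:' are skipped
        name, body = m.groups()
        tests[name] = dict(p.partition("=")[::2] for p in body.split("%") if p)
    return tests

def diff_fingerprints(a, b):
    """Return (tests only in a, tests only in b, {test: {attr: (a, b)}})."""
    changed = {}
    for name in set(a) & set(b):
        keys = set(a[name]) | set(b[name])
        delta = {k: (a[name].get(k), b[name].get(k)) for k in keys
                 if a[name].get(k) != b[name].get(k)}
        if delta:
            changed[name] = delta
    return sorted(set(a) - set(b)), sorted(set(b) - set(a)), changed

RESULT = diff_fingerprints(parse_fingerprint(FP_2_0_36), parse_fingerprint(FP_2_0_35))
```

On the two quoted reports, every test from T1 through PU matches attribute for attribute; the only difference is that the TSeq line appears in the 2.0.35 report and not in the 2.0.36 one.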