Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Nmap Hackers: Re: [tcpdump-workers] patch to print TCP RST data with -v option (fwd)

Re: [tcpdump-workers] patch to print TCP RST data with -v option (fwd)

From: Kevin Steves <stevesk_at_sweden.hp.com>
Date: Sun, 16 Jul 2000 09:39:55 +0200 (METDST)

On Sat, 15 Jul 2000, Darren Reed wrote:
> Hmmm, those ascii messages in RST packets should be very fruitful when it
> comes to doing system identification :-)

Indeed, and I wonder if it makes sense to add this as an OS detection
technique to nmap. I've also seen text messages from Solaris 2.7, though
they seem somewhat unpredictable.

> Even more, if you get messages like the one below from HP-UX 11.0, it gives
> big clues on what's open, etc.

For HP-UX 11.0, you can set tcp_text_in_resets to 0 to disable this
feature:

# ndd -get /dev/tcp tcp_text_in_resets
1
# ndd -set /dev/tcp tcp_text_in_resets 0
# ndd -get /dev/tcp tcp_text_in_resets
0

Add to /etc/rc.config.d/nddconf to have it configured at system startup.

http://people.hp.se/stevesk/bastion11.html covers this and other stuff on
HP-UX 11.

--------------------------------------------------
For help using this (nmap-hackers) mailing list, send a blank email to
nmap-hackers-help_at_insecure.org . List run by ezmlm-idx (www.ezmlm.org).
Received on Jul 17 2000

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos