Ip-filter seems to have some obscuring power too. Instead of just dropping
packets, I configured IP-filter to send TCP RST for closed ports, and ICMP
for closed UDP ports. Nmap therefore gets responses to closed ports from
IP-filter, instead of from the Solaris stack. I do not block packets with
options, or short packets.
No OS matches for host (If you know what OS is running on it, see
http://www.insecure.org/cgi-bin/nmap-submit.cgi).
TCP/IP fingerprint:
SInfo(V=2.54BETA7%P=sparc-sun-solaris2.6%D=11/25%Time=3A1FE950%O=21%C=1)
TSeq(Class=RI%gcd=1%SI=90EE)
TSeq(Class=RI%gcd=1%SI=BA5A)
TSeq(Class=RI%gcd=1%SI=73B9)
T1(Resp=Y%DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
T2(Resp=Y%DF=Y%W=0%ACK=S%Flags=AR%Ops=)
T3(Resp=Y%DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
T4(Resp=Y%DF=Y%W=0%ACK=O%Flags=AR%Ops=)
T5(Resp=Y%DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
T6(Resp=Y%DF=Y%W=0%ACK=O%Flags=AR%Ops=)
T7(Resp=Y%DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
PU(Resp=N)
Target is SunOS u1 5.7 Generic_106541-09 sun4u sparc SUNW,Ultra-1. The only
ndd tune I did is to turn on ip_forwarding.
---
www.nosig4u.com
--------------------------------------------------
For help using this (nmap-hackers) mailing list, send a blank email to
nmap-hackers-help_at_insecure.org . List run by ezmlm-idx (www.ezmlm.org).
Received on Nov 26 2000
Intro
