mailing list archives
Xprobe 0.0.2 Released
From: "Ofir Arkin" <ofir () sys-security com>
Date: Thu, 25 Oct 2001 03:11:41 +0200
We would like to announce the availability of Xprobe version 0.0.2.
You can download our latest version from:
Written and maintained by Fyodor Yarochkin and Ofir Arkin, Xprobe is an
Active OS fingerprinting tool based on Ofir Arkin's ICMP Usage in
Scanning Research project (http://www.sys-security.com).
- Linux Kernel 2.0.x, 2.2.x, 2.4.x
- FreeBSD 4.x
- NetBSD 1.4.x, 1.5.x
- OpenBSD 2.x
- Sun Solaris 2.x
Changes from version 0.0.1p1:
- Fixed a bug that prevented the correct identification of Microsoft
Windows ME and Microsoft Windows 98/98SE.
- A logging option have been added using the -o <file> option you can
now log the results to a file for further processing.
- You can now specify a receiving time out using the -t option.
- Added support for IBM OS/390, SunOS 4.x, and Microsoft Windows XP
(TCP/IP stack is looking exactly the same as with Microsoft Windows
2000, with ICMP).
- Added support for compilation under IRIX.
- Bugs and Code sweeps were performed.
- The tool and the man page now carry the name of Xprobe.
Xprobe is documented in a white paper we released called "X remote ICMP
based OS fingerprinting techniques" (X is the logic behind the tool),
available from http://www.sys-security.com/html/projects/X.html.
Xprobe 0.0.2 identifies a limited number of operating systems (all
current operating system included) and networking devices (a full list
is available in the README file).
We are planning to release version 0.1 which will support a signature
database in the Black Hat Briefings Europe 2001 held in the Krasnapolsky
Hotel in Amsterdam 21-22 November 2001 (http://www.blackhat.com).
How to use:
See manual for details. A quick hint:
xprobe [options] hostname[/netmask] (and watch the output).
-v be verbose
-i <interface> run on interface (needed if wrong interface is choosen)
-p <portnum> use <portnum> udp port for udp probe.
-o logfile log everything into a logfile. (default: stderr).
-t timeout receive timeout (seconds)
fygrave () tigerteam net
Ofir Arkin [ofir () sys-security com]
The Sys-Security Group
PGP CC2C BE53 12C6 C9F2 87B1 B8C6 0DFA CF2D D360 43FA
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
- Xprobe 0.0.2 Released Ofir Arkin (Oct 25)