Re: February 2012 OS detection highlights

[David Fifield <david () bamsoftware com>]

On Sat, Feb 25, 2012 at 07:35:27AM -0800, David Fifield wrote:
> I recently finished a round of about 1,900 OS fingerprint submissions
> since June 2011. Here is a summary of how the database changed.

I also merged and curated the latest of the IPv6 submissions, of which
there were pathetically few. Maybe this is because not many people are
doing IPv6 scans yet, or maybe it's because until recently Nmap has been
reluctant to print out IPv6 fingerprints. Please update to r27859 or
later and scan your IPv6 devices. It is as easy as this:

nmap -6 -O <target>

If you're on a LAN that you can safely scan, try this to discover IPv6
devices and scan them (see http://seclists.org/nmap-dev/2011/q3/816 and
http://seclists.org/nmap-dev/2011/q3/865 for more information on this
command):

nmap -6 -v -O -F -e eth0 --script='targets-ipv6-*' --script-args=newtargets -oN os6-%D%T.nmap

If you want to get a guess in addition to your fingerprint, use
--osscan-guess. For example,

nmap -F -O -6 www.netbsd.org --osscan-guess

Nmap scan report for www.netbsd.org (2001:4f8:3:7:2e0:81ff:fe52:9a6b)
Host is up (0.055s latency).
rDNS record for 2001:4f8:3:7:2e0:81ff:fe52:9a6b: www.NetBSD.org
Not shown: 99 closed ports
PORT   STATE SERVICE
22/tcp open  ssh
Device type: general purpose
Running (JUST GUESSING): NetBSD 5.X (98%)
OS CPE: cpe:/o:netbsd:netbsd:5.0
No OS matches for host (If you know what OS is running on it, see http://nmap.org/submit/ ).

Here you see we got a good match on NetBSD, but Nmap doesn't print it
out by default because it's too different from the other NetBSD examples
in the database so far. (Its "novelty" is too high as explained at
http://seclists.org/nmap-dev/2012/q1/199.)

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/