Date:      Thu, 16 Sep 1999 17:09:30 -0500
From:      TrouBle <trouble@hackfurby.com>
To:        "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org>, FreeBSD-ISP List <FreeBSD-ISP@FreeBSD.ORG>, "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org>
Subject:   Nmap scanning
Message-ID:  <37E16A99.294319D9@hackfurby.com>

Regarding nmap scanning: found on another list. Is this an issue for
FreeBSD?

> Yeah, don't know how useful it is, since the only current version of an OS
> that it seems to be effective against is Digital Unix.  With only the ACK
> bit set it might be able to get through some firewall rules, though.

I think it works against the latest FreeBSD as well.  Perhaps I should
apply your patch and leave it as another undocumented scan type in the
next version of Nmap.  Interestingly, the nmap-os-fingerprints database
that comes with Nmap can often enumerate the operating systems with
interesting characteristics like this.  For example, here is an easy way
to get a list of OS versions that should be vulnerable to your window
scan:

amy~/nmap>cat nmap-os-fingerprints | perl -ne 'while(<>) { chomp;if
(/^fingerprint\s+([^\#]+)/i) { if (defined($owin) and defined($cwin) and
$owin ne $cwin) { print "$oname ($owin vs. $cwin)\n";}
$oname=$1;undef($cwin);undef($owin);} elsif (/^T(4|6)\(.*W=([^%]+)/) {
if ($1 eq 4){$owin=$2;} else { $cwin = $2; }}}' | sort -f
A/UX 3.1.1 SVR2 (1000 vs. 0)
ACC Amazon 9.2.29 or Congo 9.2.35 WAN concentrator (1000 vs. 0)
Acorn Risc OS 3.6 (Acorn TCP/IP Stack 4.07) (3000 vs. 0)
Acorn RiscOS 3.7 using AcornNet TCP/IP stack   (4000 vs. 0)
AGE Logic, Inc. IBM XStation (2000 vs. 0)
AIX 3.2 (4000 vs. 0)
AIX 4.0 - 4.1 (8000|4000 vs. 0)
AIX 4.02.0001.0000 (4000 vs. 0)
AIX 4.1 (4000 vs. 0)
AIX 4.2 (4000 vs. 0)
AIX 4.2 (4000 vs. 0)
AIX 4.3.2 (4000 vs. 0)
AIX v4.1 running on a C10 (4000 vs. 0)
Alcatel 1000 DSL Router / unknown OS Rev. (2000 vs. 0)
AmigaOS AmiTCP/IP 4.3 (2000 vs. 0)
AmigaOS AmiTCP/IP Genesis 4.6 (8000 vs. 0)
AmigaOS Miami 2.1-3.0 (4000 vs. 0)
AmigaOS Miami 3.0 (4000 vs. 0)
AmigaOS Miami 3.1-3.2 (4000 vs. 0)
AmigaOS Miami Deluxe 0.9 - Miami 3.2B (4000 vs. 0)
AOS/VS or VSII (1000 vs. 0)
Apollo Domain/OS SR10.4 (239C vs. 800)
Auspex Fileserver (AuspexOS 1.9.1/SunOS 4.1.4) (4000 vs. 0)
AXIS NetEye Camera Server V1.20  (100|0 vs. 0)
AXIS or Meridian Data Network CD-ROM server (200 vs. 0)
AXIS Stack -- CD-ROM Server or Printer Server or Camera Server  (100|0 vs. 0)
BeOS 4 - 4.5 (3000 vs. 0)
BSDI BSD/OS 2.0 - 2.1   (2000|0 vs. 0)
CacheOS (CacheFlow 2000 proxy cache) (2000 vs. 0)
Canon photocopier/fax/scanner/printer GP30F (C00 vs. 0)
Cisco CacheEngine (2000 vs. 0)
Compaq Tru64 UNIX (formerly Digital UNIX) 4.0e (8000 vs. 0)
Convex OS Release 10.1 (7C00 vs. 0)
Cray Unicos 9.0 - 10.0 or Unicos/mk 1.5.1   (FFFF vs. 0)
Cray UNICOS 9.0.1ai - 10.0.0.2 (8000 vs. 0)
DEC OSF/1 V1.3A (8000 vs. 0)
DECNIS 600 V4.1.3B System (8000 vs. 0)
DECserver700-16, Network Access SW V2.2 (600 vs. 0)
DG/UX Release R4.11MU02 (2238 vs. 0)
Digital OpenVMS AXP 6.2 running Attachmate Pathway 3.1 TCP stack (2000 vs. 0)
Digital Unix 4.0E (7000|8000 vs. 0)
Digital UNIX OSF1 V 3.0,3.2,3.2C   (8000 vs. 0)
Digital UNIX OSF1 V 4.0,4.0B,4.0D   (8000 vs. 0)
Extreme Gigabit switch (unknown version) (1000 vs. 0)
FreeBSD 2.1.0 - 2.1.5   (4000 vs. 0)
FreeBSD 2.2.1 - 3.2   (4000|0 vs. 0)
FreeBSD 2.2.1 - 4.0   (4000|0 vs. 0)
HP Entria X station (running Netstation 7.x)   (2000 vs. 0)
HP-BSD 2.0 (2000 vs. 0)
HP-UX 9.01 - 9.07 (2000 vs. 0)
HP-UX A.09.00 E 9000/817 - A.09.07 A 9000/777 (2000 vs. 0)
HP-UX B.10.01 A 9000/715 (8000 vs. 0)
HP-UX B.10.20 A 9000/715 or 9000/712 or 9000/871 or 9000/861 with tcp_random_seq = 0 (8000 vs. 0)
HP-UX B.10.20 A 9000/715 or 9000/712 or 9000/871 with tcp_random_seq = 1  (8000 vs. 0)
IBM LAN RouteSwitch/Xylan OmniSwitch Version 3.2.5/NeXT (1000 vs. 0)
IBM OS/2 V 2.1 (7000 vs. 0)
IBM OS/2 V.3   (7000 vs. 0)
IBM OS/2 Warp 4.0 (7000 vs. 0)
IBM OS/2 Warp Server for E-business (Aurora) Beta (8000 vs. 0)
IBM OS/2 Warp Server for E-business (Aurora) Beta (8000 vs. 0)
Intel NetportExpress(tm) 10/100 3-port ROM: V05.10a (16D0 vs. 0)
IRIX 5.2 (F000 vs. 0)
IRIX 5.3   (EF2A|F000 vs. 0)
Juniper Router running JUNOS (4000 vs. 0)
LynxOS Realtime OS -- Could be MeetingPlace 3.4, Xylogics  Remote Annex 4000 terminal server (1000 vs. 0)
Mac OS X (Rhapsody 5.5) on a G3 (8000 vs. 0)
Meridian Data Network CD-ROM Server (V4.20 Nov 26 1997) (200 vs. 0)
Mirapoint M1000 (OS v 1.0.0) (4000 vs. 0)
NCD X server (SNMP says: NCD16 server 2.3.0 03/12/91 downloaded) (800 vs. 0)
Neoware (was HDS) NetOS V. 2.0.1 or HP ENTRIA C3230A (2000 vs. 0)
NetApp OnTap 3.1.6 (1000 vs. 0)
NetApp OnTap 5.1.2 - 5.2.2 (2000 vs. 0)
NetBSD 1.0 big endian arch (4000 vs. 0)
NetBSD 1.0 little endian arch (4000 vs. 0)
NetBSD 1.1 - 1.2.1 litle endian arch (4000 vs. 0)
NetBSD 1.2 - 1.2.1 big endian arch (4000 vs. 0)
Network Systems router NS6614 (NSC 6600 series) (1000 vs. 0)
NeXT Mach (1000 vs. 0)
OpenBSD 2.1 - 2.3/SPARC (4000 vs. 0)
OpenBSD 2.1/X86 (4000 vs. 0)
OpenBSD 2.2 - 2.3 (4000 vs. 0)
OpenBSD Post 2.4 (November 1998) - 2.5 (4000 vs. 0)
OpenStep 4.0 or NextStep 1.0 (Intel) (1000 vs. 0)
OpenStep 4.1/NeXTStep 3.3 (1000 vs. 0)
OpenStep 4.2/Intel (1000 vs. 0)
OpenVMS 6.1   (1000 vs. 0)
OpenVMS 6.2 (1800 vs. 0)
OpenVMS 7.1 Alpha running Digital's UCX v4.1ECO2 TCP/IP package (BB8 vs. 0)
OpenVMS Alpha 6.2 running DIGITAL TCP/IP Services (UCX) v4.0 (BB8 vs. 0)
OpenVMS Alpha V7.1-1H2 running DIGITAL TCP/IP Services (UCX) V4.2 (1000 vs. 0)
OpenVMS V6.1 on Digital VAX 4000-105A (1800 vs. 0)
OSF/1 5.60 (8000 vs. 0)
Packeteer IP-PacketShaper 2000 V3.1 (1000 vs. 0)
QNX 4.24 (2000 vs. 0)
Redback SMS1000 Router (2000 vs. 0)
Rhapsody 5.3 - 5.4 (Mac OS X Server 1.0 - 1.0-1) (2000 vs. 0)
Router/Switch (LanPlex 2500/Cisco Catalyst 5505/Trancell Webramp/Xylan Omni Switch) (1000 vs. 0)
SEQUENT DYNIX/ptx(R) V4.2.1 (1000 vs. 0)
Shiva LanRover/8E Version 3.5 (1000 vs. 0)
Snap Network Box (4470 vs. 0)
SPP-UX 5.2.1 (8000 vs. <1001)
SPP-UX 5.x on a Convex SPP-1600 (8000 vs. C00)
Stock OpenVMS 7.1 (2200 vs. 0)
SunOS 4.0.3 (1000 vs. 0)
SunOS 4.1.1 - 4.1.4 (or derivative)  (1000|2000|6000|C000 vs. 0)
SunOS 4.1.3_U1 + ISI RFC1323 mods from ISI (1000 vs. 0)
Ultrix 4.1 (4000 vs. 0)
Ultrix 4.2 - 4.5 (4000 vs. 0)
Unicos 10.0.0 on Cray 90 (8000 vs. 0)
VAX 7000-610 or 4200/SPX OR 6000-430 (1800 vs. 0)
VAX/VMS 5.3 on a MicroVAX II (1000 vs. 0)
VNS V6.2 (2200 vs. 0)
VxWorks 5.3.x bases system (usually an ethernet hub or switch) (1000 vs. 0)
webcache  CacheFlow 5000 with latest OS (2000 vs. 0)
Xylan OmniSwitch 5x/9x ethernet switch, Annex3 Comm server R10.0, or Hitach HI-UX/WE2 (1000 vs. 0)
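
Added example, not part of the original message or of Nmap: a Python version of the T4/T6 window comparison done by the one-liner above, useful for checking which platforms in your own inventory answer with a different RST window for open and closed ports. The sample database text and the "ExampleOS" names are constructed; reading T4 and T6 as the ACK probes to an open and a closed port is an assumption that follows the one-liner's $owin/$cwin naming. Unlike the one-liner, it also reports the final entry in the file.

```python
import re

# Constructed sample in the layout the one-liner parses ("Fingerprint <name>"
# followed by Tn(key=value%key=value...) lines). Names and values are invented.
SAMPLE = """\
Fingerprint ExampleOS A 1.0   # trailing comment
T4(DF=N%W=4000|0%ACK=O%Flags=R%Ops=)
T6(DF=N%W=0%ACK=O%Flags=R%Ops=)

Fingerprint ExampleOS B 2.0
T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
T6(DF=N%W=0%ACK=O%Flags=R%Ops=)

Fingerprint ExampleOS C 3.0
T4(Resp=N)
T6(DF=N%W=0%ACK=O%Flags=R%Ops=)

Fingerprint ExampleOS D 4.0
T4(DF=N%W=8000%ACK=O%Flags=R%Ops=)
T6(DF=N%W=C00%ACK=O%Flags=R%Ops=)
"""

FP = re.compile(r"^fingerprint\s+([^#]+)", re.I)   # entry header, comment cut off
TEST = re.compile(r"^T([46])\((.*)\)\s*$")          # only the T4 and T6 lines

def window_mismatches(text):
    """Return sorted (name, T4_W, T6_W) for entries whose two W fields differ."""
    results, name, win = [], None, {}

    def flush():
        # Record the entry only if both probes carry a W field and they differ.
        if name and "4" in win and "6" in win and win["4"] != win["6"]:
            results.append((name, win["4"], win["6"]))

    for line in text.splitlines():
        m = FP.match(line)
        if m:
            flush()                                   # close the previous entry
            name, win = m.group(1).strip(), {}
            continue
        m = TEST.match(line)
        if m:
            fields = dict(f.split("=", 1) for f in m.group(2).split("%") if "=" in f)
            if "W" in fields:                         # e.g. T4(Resp=N) has none
                win[m.group(1)] = fields["W"]
    flush()                  # the last entry has no following Fingerprint line
    return sorted(results, key=lambda r: r[0].lower())
```
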