Date: Wed, 16 Dec 1998 18:38:19 +0500 (KGT)
From: CyberPsychotic
To: "Jan B. Koum"
cc: Robert Watson, freebsd-security@FreeBSD.ORG
Subject: Re: Detecting remote host type and so on..
In-Reply-To: <19981216051330.A28228@best.com>
Sender: owner-freebsd-security@FreeBSD.ORG

~ And yet another old thread, but now is the time. :)
~
~ The nmap2 port scanner was released last night and it has
~ support for remote OS fingerprinting. Ever wanted to find
~ out exactly what OS someone was running on a device which
~ has a TCP/IP stack? Now you can do so very easily. Get nmap
~ from http://www.insecure.org/nmap - or from ports since
~ the port was upgraded last night to the 2.0 version.
~

Yes. I have noted Fyodor's post on bugtraq today. (shh.. another Fyodor, but I can not claim a copyright for my real name :)) I also checked the webpage which covers some interesting points regarding this subject.
Actually, the idea is clear to me with remote OS detection (thanks to people on the list), and nowadays I am busy with my personal experiments, digging various responses for all kinds of malformed packets. So far I've got Solaris/Linux and so BSD platforms for my experiments, but I think once I get my toys usable for anyone but me, I could share them for testing on other boxes. Thanks for the note anyway :).

~F.

PS: There's another interesting toy which, if slightly changed, could be used to detect people who attempt to detect your platform:

http://www.false.com/security/scanlogd/

This is a Linux implementation, but I guess it could be ported to BSD's bpf instead of RAW_SOCK platform as well. I also had an idea that you could defeat various OS probes using the same toy by spoofing various OS-dependent responses and thus confuse such toys as nmap or queso.