Date: Wed, 16 Dec 1998 18:38:19 +0500 (KGT) From: CyberPsychotic <fygrave@tigerteam.net> To: "Jan B. Koum " <jkb@best.com> Cc: Robert Watson <robert+freebsd@cyrus.watson.org>, freebsd-security@FreeBSD.ORG Subject: Re: Detecting remote host type and so on.. Message-ID: <Pine.LNX.4.05.9812161826060.392-100000@gizmo.kyrnet.kg> In-Reply-To: <19981216051330.A28228@best.com>
next in thread | previous in thread | raw e-mail | index | archive | help
~ And yet another old thread, but now is the time. :) ~ ~ The nmap2 port scanner was released last night and it has ~ support for remote OS fingerprinting. Ever wanted to find ~ out exactly what OS someone was running on a device which ~ has a TCP/IP stack? Now you can do so very easy. Get nmap ~ from http://www.insecure.org/nmap - or from ports since ~ the port was upgrade last night to the 2.0 version. ~ Yes. I have noted the Fyodor's post on bugtraq today. (shh.. another Fyodor, but I can not claim a copyright for my real name :)) I also checked the webpage which covers some interesting points regarding this subject. Actually the idea is clear to me with remote OS detection,(thanks to people on the list) and nowdays I am busy with my personal experiments digging a various responces for all kind of maliformed packets. So far I've got Solaris/Linux and so BSD platforms for my experiments, but i think once I get my toys usable for anyone but me, I could share them for testing on other boxes. Thanks for the note anyway :). ~F. PS: There's another interesting toy, which, if slightly changed, could be used to detect people who attempt to detect your platform. http://www.false.com/security/scanlogd/ This is linux implementation, but I guess it could be ported to BSD's bpf instead of RAW_SOCK platform as well. I also had an idea, that you could defeat various OS probes using the same toy by spoofing various OS dependent responces and thus confuse such toys as nmap or queso. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.LNX.4.05.9812161826060.392-100000>