nmap fingerprint
Robert Millan
rmh@debian.org
Tue, 22 Mar 2005 22:44:05 +0100
Hi!
I've made this pair of patches (one for kfreebsd and one for nmap) that make
our kernel produce slightly different tcp/ip fingerprints than the unmodified
kernel of FreeBSD, and nmap able to identify our version.
The idea is that with this change GNU/kFreeBSD webservers will no longer be
misidentified as FreeBSD in places like netcraft (www.netcraft.com), etc.
Any comments? I would appreciate some testing on the patch before committing
it (especially because I'm not sure if reducing the max window size could have
undesired effects).
--
.''`. Proudly running Debian GNU/kFreeBSD unstable/unreleased (on UFS2+S)
: :' :
`. `' http://www.debian.org/ports/kfreebsd-gnu
`-
--n8g4imXOkfNTN/H1
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="nmap.diff"
--- /usr/share/nmap/nmap-os-fingerprints.old 2005-03-22 23:24:57.000000000 +0100
+++ /usr/share/nmap/nmap-os-fingerprints 2005-03-22 23:27:23.000000000 +0100
@@ -5161,6 +5161,17 @@
T7(DF=Y%W=0%ACK=S%Flags=AR%Ops=)
PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=0%ULEN=134%DAT=E)
+Fingerprint GNU/kFreeBSD with 5.3 kernel on x86
+Class FreeBSD | FreeBSD | 5.X | general purpose
+T1(DF=Y%W=FFFE%ACK=S++%Flags=AS%Ops=MNWNNT)
+T2(Resp=N)
+T3(Resp=Y%DF=Y%W=FFFE%ACK=S++%Flags=AS%Ops=MNWNNT)
+T4(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=Y%W=0%ACK=S%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=0%ULEN=134%DAT=E)
+
Fingerprint FreeSCO 0.27 (Linux 2.0.38)
Class FreeSCO | Linux | 2.0.X | router
TSeq(Class=RI%gcd=<6%SI=<1F22A6E&>4E0A2%IPID=Z%TS=100HZ)
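Review bot: The added "GNU/kFreeBSD with 5.3 kernel on x86" entry has no TSeq line, while the FreeSCO entry right after it starts with one. If it was left out on purpose, say so; otherwise add it from the same scan the T1-T7 and PU lines came from. The entry also stands apart only through W=FFFE in T1 and T3, so any other host that advertises that window with the same options would match it, and the Class line still reads "FreeBSD | FreeBSD | 5.X", so consumers that key on the class rather than the Fingerprint name will keep reporting FreeBSD. Finally, the diff is against the installed /usr/share/nmap/nmap-os-fingerprints, so it will be overwritten on the next nmap upgrade unless the entry is also submitted upstream.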
--n8g4imXOkfNTN/H1
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="hack_tcp_fingerprint.diff"
--- src/sys/netinet/tcp.h.old 2005-03-22 22:22:07.000000000 +0100
+++ src/sys/netinet/tcp.h 2005-03-22 22:22:27.000000000 +0100
@@ -146,7 +146,7 @@
*/
#define TCP6_MSS 1024
-#define TCP_MAXWIN 65535 /* largest value for (unscaled) window */
+#define TCP_MAXWIN 65534 /* largest value for (unscaled) window */
#define TTCP_CLIENT_SND_WND 4096 /* dflt send window for T/TCP client */
#define TCP_MAX_WINSHIFT 14 /* maximum window shift */
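Review bot: The comment on the changed TCP_MAXWIN line still reads "largest value for (unscaled) window", which is no longer true at 65534 and gives no hint that the value was lowered on purpose to alter the fingerprint. Document the deviation next to the define, e.g. "65535 upstream; lowered so GNU/kFreeBSD is distinguishable by its advertised window". Since this is a shared protocol limit in tcp.h rather than a setting that only affects the advertised window, every user of TCP_MAXWIN (including any code that scales it by a window shift up to TCP_MAX_WINSHIFT) picks up the new value; list those call sites in the commit message and confirm none of them assumes the all-ones 16-bit maximum.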