nmap fingerprint
Alexander Sack
asac@jwsdot.com
Tue, 22 Mar 2005 23:58:02 +0100
Robert Millan wrote:
> Hi!
>
> I've made this pair of patches (one for kfreebsd and one for nmap) that makes
> our kernel produce slightly different tcp/ip fingerprints than unmodified
> kernel of FreeBSD, and nmap able to identify our version.
>
> The idea is that with this change GNU/kFreeBSD webservers no longer will be
> miss-identified as FreeBSD in places like netcraft (www.netcraft.com), etc.
>
> Any comments? I would appreciate some testing on the patch before committing
> it (specialy because I'm not sure if reducing the max window size could have
> undesired effects).
>
>
Hmm, for me this looks like a non-issue. If I read [1] correctly netcraft uses
http headers to identify the OS.
IMHO, a better alternative from the nmap/tcp-stack point of view would be to
submit the fingerprint to the nmap maintainer stating that the same fingerprint
is from a kFreeBSD/i386 system. Hopefully, he will include this info and we
would be detected as FreeBSD 5.3, kFreeBSD/i386 or something like that.
Alex
[1] - http://uptime.netcraft.com/up/accuracy.html#os
--
GPG messages preferred. | .''`. ** Debian GNU/Linux **
Alexander Sack | : :' : The universal
asac@jwsdot.com | `. `' Operating System
http://www.jwsdot.com/ | `- http://www.debian.org/