nmap fingerprint

Guillem Jover guillem@debian.org
Wed, 23 Mar 2005 02:21:01 +0200


Hi,

On Tue, Mar 22, 2005 at 10:44:05PM +0100, Robert Millan wrote:
> I've made this pair of patches (one for kfreebsd and one for nmap) that makes
> our kernel produce slightly different tcp/ip fingerprints than unmodified
> kernel of FreeBSD, and nmap able to identify our version.

But they are using the same kernel; don't diverge from upstream (in
this case, the kernel) gratuitously.

> The idea is that with this change GNU/kFreeBSD webservers no longer will be
> misidentified as FreeBSD in places like netcraft (www.netcraft.com), etc.

It's just identifying the kernel, or in other words the tcp/ip stack.
A better way to report a different system is via httpd, for example,
so in the userland where it belongs; the kernel should not have the
knowledge of which system it's running under.

> Any comments?  I would appreciate some testing on the patch before committing
> it (specially because I'm not sure if reducing the max window size could have
> undesired effects).

Well, we'll lose a byte; also, if there's Foo/kFreeBSD in the future,
they will have to subtract one from our definition as well? Seems
a very nasty hack.

It will also make some built applications diverge from the system
definition.

So I think this patch is a bad idea. =)

regards,
guillem