nmap fingerprint

Robert Millan rmh@debian.org
Wed, 23 Mar 2005 02:24:36 +0100


On Tue, Mar 22, 2005 at 11:58:02PM +0100, Alexander Sack wrote:
> Robert Millan wrote:
> > Hi!
> > 
> > I've made this pair of patches (one for kfreebsd and one for nmap) that makes
> > our kernel produce slightly different TCP/IP fingerprints than an unmodified
> > FreeBSD kernel, and nmap able to identify our version.
> > 
> > The idea is that with this change GNU/kFreeBSD webservers no longer will be
> > misidentified as FreeBSD in places like netcraft (www.netcraft.com), etc.
> > 
> > Any comments?  I would appreciate some testing on the patch before committing
> > it (specially because I'm not sure if reducing the max window size could have
> > undesired effects).
> > 
> > 
> Hmm, for me this looks like a non-issue. If I read [1] correctly netcraft uses
> http headers to identify the OS.
> 
> [1] - http://uptime.netcraft.com/up/accuracy.html#os

They don't say exactly that, but:

"Netcraft determines the operating system of the queried host by looking in
detail at the network characteristics of the HTTP reply received from the web site."

which sounds pretty ambiguous.  Are you sure their detection is not based on TCP
fingerprinting?

-- 
 .''`.   Proudly running Debian GNU/kFreeBSD unstable/unreleased (on UFS2+S)
: :' :
`. `'    http://www.debian.org/ports/kfreebsd-gnu
  `-