Re: OS Fingerprints

From: GomoR (sfml@gomor.org)
Date: Wed Oct 05 2005 - 08:59:10 EDT

• Next message: BSK: "Re: OS Fingerprints"
• Previous message: JB: "RE: OS Fingerprints"
• In reply to: BSK: "OS Fingerprints"
• Next in thread: Dragos Ruiu: "Re: OS Fingerprints"
• Reply: Dragos Ruiu: "Re: OS Fingerprints"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

On Tue, Oct 04, 2005 at 03:07:27PM +0100, BSK wrote:
> Dear All,
>
> Some time back I came across a document that listed a
> table with Operating systems and their TTL that helped
> identify an operating system.
>
> I've been trying to search that document on Internet
> and my machine but not successful yet. Can someone
> point me to that or similar document.
>
> Basically I'm looking for information which helps us
> identify the target operating system from its TTL
> field obtained while ping. The document for example
> listed that if the TTL is 128 its likely to be M$ and
> if its 64 its likely to be Cisco Router or switch.
>
> Await your reply.
>
> rgds,
> Bshan

  Hello,

  if you want a simple trick to do OS fingerprinting, I
  suggest you to use the initial window size of a TCP session
  establishement.

  If you use that, you can create a table for each OS I've
  seen by parsing the file at:
  http://www.gomor.org/files/net-sinfp-db-export.txt

  Or better, use the database in SQLite format:
  DB Schema:
  http://www.gomor.org/files/net-sinfp-db-schema.ps
  DB:
  http://www.gomor.org/files/sinfp.db

  Or even better, use SinFP:
  http://www.gomor.org/cgi-bin/index.pl?mode=view;page=net_sinfp

  Best regards,

-- 
  ^  ___  ___    FreeBSD Network - http://www.GomoR.org/ <-+
  | / __ |__/          Systems & Security Engineer         |
  | \__/ |  \     ---[ zsh$ alias psed='perl -pe ' ]---    |
  +-->  Net::Packet <=> http://search.cpan.org/~gomor/  <--+
------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner: 
Hackers are concentrating their efforts on attacking applications on your 
website. Up to 75% of cyber attacks are launched on shopping carts, forms, 
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are 
futile against web application hacking. Check your website for vulnerabilities 
to SQL injection, Cross site scripting and other web attacks before hackers do! 
Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------

• Next message: BSK: "Re: OS Fingerprints"
• Previous message: JB: "RE: OS Fingerprints"
• In reply to: BSK: "OS Fingerprints"
• Next in thread: Dragos Ruiu: "Re: OS Fingerprints"
• Reply: Dragos Ruiu: "Re: OS Fingerprints"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:02 EDT