OS fingerprinting with linux


Post by ampakine on Sun Jun 05, 2011 12:39 pm

nmap is brilliant and I can usually use it to find out what OS an IP on my network is running, but when I do it on my own IP here's what happens:
me@mycomp:~$ sudo nmap -O 192.168.1.x
[sudo] password for ampakine:

Starting Nmap 5.21 ( http://nmap.org ) at 2011-06-05 18:34 IST
Nmap scan report for 192.168.1.x
Host is up (0.000053s latency).
All 1000 scanned ports on 192.168.1.x are closed
Too many fingerprints match this host to give specific OS details
Network Distance: 0 hops

OS detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 15.20 seconds

I'm on Ubuntu 11.04. I remember in the past it would detect Ubuntu as Linux 2.6, but for versions 10 and up it has always given me that "too many fingerprints to determine OS" message. Am I using nmap wrong, or is nmap's OS detection tool incapable of identifying Ubuntu 10 and up? If it's the latter, can anyone recommend a better OS detection tool for Linux?

EDIT: I just did an OS fingerprint on my Xbox 360 and here's what happened:
me@mycomp:~$ sudo nmap -O 192.168.1.12

Starting Nmap 5.21 ( http://nmap.org ) at 2011-06-05 19:07 IST
Nmap scan report for 192.168.1.x
Host is up (0.0081s latency).
Not shown: 999 filtered ports
PORT STATE SERVICE
1027/tcp open IIS
MAC Address: XX:XX:XX:XX:XX:XX (Microsoft)
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose|switch
Running (JUST GUESSING) : HP OpenVMS 7.X|8.X (88%), HP embedded (87%), Fujitsu Siemens ReliantUNIX (86%), Compaq Tru64 UNIX 5.X (85%)
Aggressive OS guesses: HP OpenVMS 7.2 (88%), HP ProCurve 2524 switch (J4813A) (87%), HP ProCurve 4104gl or 4108gl switch (87%), Fujitsu Siemens ReliantUNIX-N (SINIX-N) on RM400 (86%), Compaq Tru64 UNIX 5.1B or HP OpenVMS 8.2 - 8.3 (85%), HP OpenVMS 8.3 (85%), HP OpenVMS 7.3 (85%), HP OpenVMS 7.2-1 (85%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 1 hop

OS detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 43.70 seconds

I don't know what all that means. I see that it used the MAC address to identify it as a Microsoft device, but I'm guessing everything below means that it couldn't adequately identify the device because it's blocking probes on 999 closed ports and for other reasons, so it gave me that probability distribution with guesses of what the device might be. There's nobody online with a Mac anymore, but earlier when I did an OS fingerprint on a laptop running Mac OS X it had no trouble identifying the OS and version. There are no Windows machines on my network so I can't experiment with them, but I'm guessing nmap would have no trouble identifying Windows OSes either.

I'm gonna test it on the various Linux guests I have installed on VirtualBox now. Got a quick side question about this. All computers connect to my LAN with an IP in the range 192.168.1.1 to 192.168.1.254, but when I run an OS in VirtualBox (I've only got BackTrack5 up and running at the moment) and run ifconfig in the terminal it tells me that it's using the IP 10.0.2.5. Do VirtualBox guests use a different IP block? For example, will all VirtualBox guests have IPs like 10.0.5.x?
ampakine
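
Both reports in the post above state in their own text why OS detection was inconclusive. As an added example (not part of the original post), this Python script reads lines copied from the two reports and lists the port states nmap saw, the reasons it gives for a weak result, and its percentage guesses; the function names `port_states` and `assess` are hypothetical.

```python
import re

# Lines copied from the two nmap -O runs in the post above (abridged).
SELF_SCAN = """\
Host is up (0.000053s latency).
All 1000 scanned ports on 192.168.1.x are closed
Too many fingerprints match this host to give specific OS details
"""
XBOX_SCAN = """\
Not shown: 999 filtered ports
PORT STATE SERVICE
1027/tcp open IIS
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Running (JUST GUESSING) : HP OpenVMS 7.X|8.X (88%), HP embedded (87%), Fujitsu Siemens ReliantUNIX (86%), Compaq Tru64 UNIX 5.X (85%)
No exact OS matches for host (test conditions non-ideal).
"""

def port_states(report):
    """Count ports per state from the summary lines and the port table."""
    counts = {}
    summary = re.findall(r"All (\d+) scanned ports on \S+ are (\S+)", report)
    for line in re.findall(r"^Not shown: (.+)$", report, re.M):
        summary += re.findall(r"(\d+) (\S+) ports", line)
    for n, state in summary:
        counts[state] = counts.get(state, 0) + int(n)
    for state in re.findall(r"^\d+/(?:tcp|udp)\s+(\S+)", report, re.M):
        counts[state] = counts.get(state, 0) + 1
    return counts

def assess(report):
    """Return port counts, nmap's percentage guesses, and why the result is weak."""
    counts = port_states(report)
    # The warning in the report asks for at least 1 open and 1 closed port.
    reasons = [f"no {s} port found" for s in ("open", "closed") if not counts.get(s)]
    if "Too many fingerprints match" in report:
        reasons.append("fingerprint matches too many OS entries")
    if "No exact OS matches" in report:
        reasons.append("no exact match, guesses only")
    m = re.search(r"^Running \(JUST GUESSING\) ?: (.+)$", report, re.M)
    guesses = [(name.strip(), int(pct)) for name, pct in
               re.findall(r"([^,]+?) \((\d+)%\)", m.group(1))] if m else []
    return {"ports": counts, "reasons": reasons, "guesses": guesses}

if __name__ == "__main__":
    for label, text in (("own host", SELF_SCAN), ("Xbox 360", XBOX_SCAN)):
        print(label, assess(text))
```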