New OS detection highlights

From: David Fifield <david_at_bamsoftware.com>
Date: Sat, 15 Sep 2007 12:50:41 -0600

Hi,

I just finished integrating about 600 new OS submissions. Here are some
that are interesting, unusual, or important.

Apple iPhone mobile phone (Darwin 9.0.0d1)
        The fingerprint is similar to, but distinguishable from, that of
        Mac OS X.

Linux 2.6.22
        I noticed that fingerprints for 2.6.22 had a significantly
        higher value for initial sequence number randomness. If this
        holds up, it means we can distinguish 2.6.22 from previous
        versions.

IPAD-OS
        This is some specialized router OS. The submitter gave a web
        site: http://www.ipadowners.org/.

IBM OS/390 V2

AmigaOS 3.9 BB2
        Neat. According to my research, BB2 is BoingBag 2, which is
        something like a service pack.

iDirect Protocol Processor (Red Hat Enterprise Linux 3)
        Here's what the submitter had to say: "This is a part of the
        iDirect satellite hub system, responsible for processing IP data
        into the custom layer-2 protocol used to communicate with
        iDirect Hub Line Cards (HLC) for transmission to a
        geosynchronous satellite." It's distinguishable from other Red
        Hat fingerprints.

Microsoft Windows Mobile 6 Classic

lwIP 1.1.0 lightweight TCP/IP stack
        This is a TCP/IP stack for microcontrollers. See
        http://www.sics.se/~adam/lwip/.

SCO UNIX 3.2v5.0.7

GNU Hurd 0.3
        Sweet! This is our first Hurd submission in the second-gen
        database. The version number came from the submitter; I wasn't
        sure about it because the Hurd web page says they don't have
        formal releases.

Sensatronics E4 temperature monitor

Apple Mac OS X 10.4.10 (Tiger) (Darwin 8.10.0 - 8.10.1)
        This wouldn't be noteworthy (we already have lots of OS X
        fingerprints) except that some 10.4.10 fingerprints have really
        large (> 0x1000000) values for their GCD attribute. Does anyone
        know anything about this? Is there a new algorithm Apple's
        using?

The database grew 19% from 12383 to 14713 lines. We now have 826
signatures. Keep them coming!

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
Received on Sat Sep 15 2007 - 18:50:41 GMT

This archive was generated by hypermail 2.2.0 : Sat Sep 15 2007 - 18:50:48 GMT