RE: ISN number prediction ?
:: I that was what it was, but it doesn't seem to be working now.
:: Maybe it needs to know what the OS is in order to figure this out.
:: When I run nmap I get
::
:: No exact OS matches for host .
::
:: suggesting that nmap cannot figure out any more that it is FreeBSD
:: (probably because of the new TCP software in the kernel).

Same here (against a 4.2-STABLE box):

TCP Sequence Prediction: Class=random positive increments
                         Difficulty=38177 (Worthy challenge)
No OS matches for host (If you know what OS is running on it, see http://www.insecure.org/cgi-bin/nmap-submit.cgi).
TCP/IP fingerprint:
TSeq(Class=RI%gcd=1%SI=7E12)
TSeq(Class=RI%gcd=1%SI=3CF6)
TSeq(Class=RI%gcd=1%SI=9521)
T1(Resp=Y%DF=Y%W=403D%ACK=S++%Flags=AS%Ops=MNWNNT)
T2(Resp=N)
T3(Resp=Y%DF=Y%W=403D%ACK=S++%Flags=AS%Ops=MNWNNT)
T4(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=)
T5(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=)
T6(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=)
T7(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
PU(Resp=Y%DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=0%ULEN=134%DAT=E)

(NMAP 2.53)

-- Juha

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-stable" in the body of the message
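An added example, not part of the original thread: a short parser for the TSeq lines of the fingerprint in the message above, showing how far the sequence index moves between three samples of the same host. It assumes the SI field is the hexadecimal sequence index, which is consistent with SI=9521 equalling the reported Difficulty=38177; the function names are made up for this example.

```python
import re

# TSeq/T1 lines copied from the nmap 2.53 fingerprint in the message above.
FINGERPRINT = """\
TSeq(Class=RI%gcd=1%SI=7E12)
TSeq(Class=RI%gcd=1%SI=3CF6)
TSeq(Class=RI%gcd=1%SI=9521)
T1(Resp=Y%DF=Y%W=403D%ACK=S++%Flags=AS%Ops=MNWNNT)
"""

TSEQ_RE = re.compile(r"^TSeq\((?P<body>[^)]*)\)$")


def parse_tseq(text):
    """Return one dict per TSeq(...) line; other test lines are skipped."""
    samples = []
    for line in text.splitlines():
        m = TSEQ_RE.match(line.strip())
        if not m:
            continue  # T1..T7 and PU are not sequence samples
        # Fields are separated by '%' and written as key=value.
        fields = dict(kv.split("=", 1)
                      for kv in m.group("body").split("%") if "=" in kv)
        si = fields.get("SI")
        samples.append({
            "class": fields.get("Class"),
            # Assumption: SI is hexadecimal (0x9521 == 38177 == Difficulty).
            "si": int(si, 16) if si is not None else None,
        })
    return samples


def summarize(samples):
    """Spread of the sequence index across repeated samples of one host."""
    values = [s["si"] for s in samples if s["si"] is not None]
    if not values:
        raise ValueError("no TSeq samples with an SI field")
    return {
        "classes": sorted({s["class"] for s in samples if s["class"]}),
        "min": min(values),
        "max": max(values),
        "ratio": max(values) / min(values),
    }


if __name__ == "__main__":
    for sample in parse_tseq(FINGERPRINT):
        print(sample)
    print(summarize(parse_tseq(FINGERPRINT)))
```

The same host and the same class (RI) yield indices that differ by more than a factor of two, so a single Difficulty figure from one run is a rough guide rather than a measurement.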
Re: ISN number prediction ?
perhaps -v in combo with the -O?
for example: nmap -sT -v -O -F ?

- Original Message -
From: "Stephen Montgomery-Smith" <[EMAIL PROTECTED]>
To: "Juha Saarinen" <[EMAIL PROTECTED]>
Cc: "Lauri Laupmaa" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Saturday, May 05, 2001 3:43 PM
Subject: Re: ISN number prediction ?

> Juha Saarinen wrote:
> >
> > :: I remember that if you run the program nmap on your server with the
> > :: right flags, that it will give its opinion on how good this is.
> > :: But I don't remember the right sequence of flags to do this - anyone
> > :: care to help me?
> >
> > -O
>
> I that was what it was, but it doesn't seem to be working now.
> Maybe it needs to know what the OS is in order to figure this out.
> When I run nmap I get
>
> No exact OS matches for host .
>
> suggesting that nmap cannot figure out any more that it is FreeBSD
> (probably because of the new TCP software in the kernel).
>
> --
> Stephen Montgomery-Smith
> [EMAIL PROTECTED]
> http://www.math.missouri.edu/~stephen
Re: ISN number prediction ?
On Sat, May 05, 2001 at 05:27:22PM -0500, Stephen Montgomery-Smith wrote:
> Lauri Laupmaa wrote:
> >
> > Hi
> >
> > As this analysis http://razor.bindview.com/publish/papers/tcpseq.html points
> > out FreeBSD 4 ISN number generation 'is not impressive' It seems to be
> > considerably weaker than linux-2.2's...
> >
>
> I remember that if you run the program nmap on your server with the
> right flags, that it will give its opinion on how good this is.
> But I don't remember the right sequence of flags to do this - anyone
> care to help me?

Please remember that this is a complicated issue which can't be easily
quantified with a single number; nmap can be used as a guide to
sequence number predictability, but it's not the whole story.

Kris
Re: ISN number prediction ?
Juha Saarinen wrote:
>
> :: I remember that if you run the program nmap on your server with the
> :: right flags, that it will give its opinion on how good this is.
> :: But I don't remember the right sequence of flags to do this - anyone
> :: care to help me?
>
> -O

I that was what it was, but it doesn't seem to be working now.
Maybe it needs to know what the OS is in order to figure this out.
When I run nmap I get

No exact OS matches for host .

suggesting that nmap cannot figure out any more that it is FreeBSD
(probably because of the new TCP software in the kernel).

--
Stephen Montgomery-Smith
[EMAIL PROTECTED]
http://www.math.missouri.edu/~stephen
RE: ISN number prediction ?
:: I remember that if you run the program nmap on your server with the
:: right flags, that it will give its opinion on how good this is.
:: But I don't remember the right sequence of flags to do this - anyone
:: care to help me?

-O
Re: ISN number prediction ?
Lauri Laupmaa wrote:
>
> Hi
>
> As this analysis http://razor.bindview.com/publish/papers/tcpseq.html points
> out FreeBSD 4 ISN number generation 'is not impressive' It seems to be
> considerably weaker than linux-2.2's...
>

I remember that if you run the program nmap on your server with the
right flags, that it will give its opinion on how good this is.
But I don't remember the right sequence of flags to do this - anyone
care to help me?

--
Stephen Montgomery-Smith
[EMAIL PROTECTED]
http://www.math.missouri.edu/~stephen
Re: ISN number prediction ?
On Sun, May 06, 2001 at 12:10:41AM +0300, Lauri Laupmaa wrote:
> Hi
>
> As this analysis http://razor.bindview.com/publish/papers/tcpseq.html
> points out FreeBSD 4 ISN number generation 'is not impressive' It seems
> to be considerably weaker than linux-2.2's...
>
> Any comments about this ?
>

Perhaps you missed the recent FreeBSD security advisory:

http://docs.FreeBSD.org/cgi/getmsg.cgi?fetch=0+0+current/freebsd-security-notifications

and the CERT advisory:

http://www.cert.org/advisories/CA-2001-09.html

which explain that this has been corrected...

--
Chris D. Faulhaber - [EMAIL PROTECTED] - [EMAIL PROTECTED]
FreeBSD: The Power To Serve - http://www.FreeBSD.org
Re: ISN number prediction ?
On Sun, May 06, 2001 at 12:10:41AM +0300, Lauri Laupmaa wrote:
> Hi
>
> As this analysis http://razor.bindview.com/publish/papers/tcpseq.html
> points out FreeBSD 4 ISN number generation 'is not impressive' It seems
> to be considerably weaker than linux-2.2's...
>
> Any comments about this ?

Read the advisory we already released about this.

Kris