# $Id: xprobe2.conf,v 1.1 2003/01/25 16:55:26 provos Exp $ ############################################################ # # XPROBE2 configuration/fingerprints file # ############################################################ # # Copyright (c) 2001-2002 Ofir Arkin & Fyodor Yarochkin # ############################################################ # # Last Changed: 08 September 2002 14:00 GMT # ############################################################ # # # The format is as following: # # section_name { # param = value # param = value # option # option #} # # # Two sections combine this file: # generic: contains generic xprobe options and settings # fingerprint: contains OS fingerprint. # # # Dynamic keywords are possible in the fingerprint section # and are supposed to be handled by modules i.g.: # # os_id = "TYPE of OS" (you have to put this one! ;p) # icmp_echo_type = 15 # ip_id = 2 # telnet_banner = "Linux" # # etc.. # # # The following parameters are currently examined by modules: # #IP Header of Packet received: #----------------------------- #precedence_bits #tos_bits #unused_bit # #packet_length #IP_ID # #MF_BIT #DF_BIT #Unused # #fragmentation_offset #ttl # #options # # #TCP Header Received #------------------- #source_port_TCP_number #destination_port_TCP_number #sequence_number #acknowledgment_number # #URG #ACK #PSH #RST #SYN #FIN #RESERVED1 #RESERVED2 # #window_size #urgent_pointer #options # # #UDP Header Values #----------------- #source_port_UDP_number #destination_port_UDP_number #UDP_length #UDP_checksum # #ICMP Header Values #------------------ #ICMP_type #ICMP_code #ICMP_checksum # # # #ICMP Error Messages - Generic #----------------------------- #data_bytes_echoed #time_to_wait_for_ICMP_Unreachable # # #IP Header Echoed with an ICMP Error Message #-------------------------------------------------------- #precedence_bits #tos_bits #unused_bit # #packet_length #IP_ID # #MF_BIT #DF_BIT #Unused # #fragmentation_offset #ttl # #options # # #UDP_checksum_echoed #ttl_echoed #IP_ID_echoed #IP_total_length_echoed #IP_ID_echoed #MF_bit_echoed #Unused_echoed #IP_Header_checksum_echoed # # # # # ################### # GENERIC SECTION # ################### generic { timeout =10 } ############################### # FINGERPRINTS: # ############################### # Add your fingerprints here # ############################### # #fingerprint { # OS_ID = "Linux 2.4.x" # ip_id = 0 # # some bogus keywords for an example # # if keywords are not recognized by any module, warning is issued, and # # thgey are ignored. # testkeyword2 = "value" # testkeyword3 = "value" #} # #Xprobe2 verified Signatures # #For correction and submission of signatures #please email ofir@sys-security.com # #Last Changed: 08 September 2002 14:00 GMT # # #The Database is organized as follows: #Linux Kernels / FreeBSD / NetBSD / OpenBSD / Sun Solaris / Other *nix #Microsoft Windows OSs / Networking Devices / Printers # #fingerprint { # OS_ID = "My OS" # #Entry inserted to the database by: Moderator's name (email) # #Entry contributed by: Contributer's name (email) # #Date: Date entered into database # #Modified: Date Modified # # #Module A [ICMP ECHO Probe] # icmp_echo_code = [ 0, !0 ] # icmp_echo_ip_id = [ 0, !0 ] # icmp_echo_tos_bits = [ 0, !0] # icmp_echo_df_bit = [0, 1] # icmp_echo_reply_ttl = [>< decimal num] # # #Module B [ICMP Timestamp Probe] # icmp_timestamp_reply = [ y, n] # icmp_timestamp_reply_ttl = [>< decimal num] # # #Module C [ICMP Address Mask Request Probe] # icmp_addrmask_reply = [ y, n] # icmp_addrmask_reply_ttl = [>< decimal num] # # #Module D [ICMP Information Request Probe] # icmp_info_reply = [ y, n] # icmp_info_reply_ttl = [>< decimal num] # # #Module E [UDP -> ICMP Unreachable probe] # #IP_Header_of_the_UDP_Port_Unreachable_error_message # icmp_unreach_echoed_dtsize = [8, 64, >64] # icmp_unreach_reply_ttl = [>< decimal num] # icmp_unreach_precedence_bits = 0xc0, 0, (hex num) # icmp_unreach_df_bit = [0 , 1 ] # # #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message # icmp_unreach_echoed_udp_cksum = [0, OK, BAD] # icmp_unreach_echoed_ip_cksum = [0, OK, BAD] # icmp_unreach_echoed_ip_id = [OK, FLIPPED] # icmp_unreach_echoed_total_len = [>20, OK, <20] # icmp_unreach_echoed_3bit_flags = [OK, FLIPPED] #} #The Linux (Kernel) Operating System fingerprint { OS_ID = "Linux Kernel 2.4.5 and above" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry Contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 20 July 2002 #Modified: 8 August 2002 #Module A icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 0 icmp_echo_reply_ttl = <255 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 #Module D icmp_info_reply = n icmp_info_reply_ttl = <255 #Module E icmp_unreach_echoed_dtsize = >64 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0xc0 icmp_unreach_df_bit = 0 icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK } fingerprint { OS_ID = "Linux Kernel 2.4.0 - 2.4.4" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry Contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 20 July 2002 #Modified: 8 August 2002 #Module A icmp_echo_code = !0 icmp_echo_ip_id = 0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 0 icmp_echo_reply_ttl = <255 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 #Module D icmp_info_reply = n icmp_info_reply_ttl = <255 #Module E icmp_unreach_echoed_dtsize = >64 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0xc0 icmp_unreach_df_bit = 0 icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK } fingerprint { OS_ID = "Linux Kernel 2.2.x" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry Contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 20 July 2002 #Modified: 8 August 2002 #Module A icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 0 icmp_echo_reply_ttl = <255 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 #Module D icmp_info_reply = n icmp_info_reply_ttl = <255 #Module E icmp_unreach_echoed_dtsize = >64 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0xc0 icmp_unreach_df_bit = 0 icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK } #FreeBSD Operating Systems fingerprint { OS_ID = "FreeBSD 4.6" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 11 August 2002 #Modified: - #Module A icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <64 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <64 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <64 #Module D icmp_info_reply = n icmp_info_reply_ttl = <64 #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <64 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 1 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = 0 icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK } fingerprint { OS_ID = "FreeBSD 4.5" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 29 July 2002 #Modified: - #Module A icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <64 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <64 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <64 #Module D icmp_info_reply = n icmp_info_reply_ttl = <64 #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <64 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 1 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = 0 icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK } fingerprint { OS_ID = "FreeBSD 4.4" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 11 August 2002 #Modified: - #Module A icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <64 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <64 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <64 #Module D icmp_info_reply = n icmp_info_reply_ttl = <64 #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <64 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 1 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = 0 icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK } fingerprint { OS_ID = "FreeBSD 4.3" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 11 August 2002 #Modified: - #Module A icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <255 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 #Module D icmp_info_reply = n icmp_info_reply_ttl = <255 #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 1 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = 0 icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK } fingerprint { OS_ID = "FreeBSD 4.2" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 11 August 2002 #Modified: - #Module A icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <255 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 #Module D icmp_info_reply = n icmp_info_reply_ttl = <255 #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 1 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = 0 icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK } fingerprint { OS_ID = "FreeBSD 4.1.1" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 11 August 2002 #Modified: - #Module A icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <255 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 #Module D icmp_info_reply = n icmp_info_reply_ttl = <255 #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 1 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = 0 icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK } fingerprint { OS_ID = "FreeBSD 4.0" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 29 July 2002 #Modified: - #Module A icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <255 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 #Module D icmp_info_reply = n icmp_info_reply_ttl = <255 #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 1 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = 0 icmp_unreach_echoed_ip_cksum = BAD icmp_unreach_echoed_ip_id = FLIPPED icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = FLIPPED } fingerprint { OS_ID = "FreeBSD 3.4" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 29 July 2002 #Modified: - #Module A icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <255 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 #Module D icmp_info_reply = n icmp_info_reply_ttl = <255 #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 1 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = 0 icmp_unreach_echoed_ip_cksum = BAD icmp_unreach_echoed_ip_id = FLIPPED icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = FLIPPED } fingerprint { OS_ID = "FreeBSD 3.3" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 11 August 2002 #Modified: - #Module A icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <255 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 #Module D icmp_info_reply = n icmp_info_reply_ttl = <255 #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 1 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = 0 icmp_unreach_echoed_ip_cksum = BAD icmp_unreach_echoed_ip_id = FLIPPED icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = FLIPPED } fingerprint { OS_ID = "FreeBSD 3.2" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 11 August 2002 #Modified: - #Module A icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <255 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 #Module D icmp_info_reply = n icmp_info_reply_ttl = <255 #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 1 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = 0 icmp_unreach_echoed_ip_cksum = BAD icmp_unreach_echoed_ip_id = FLIPPED icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = FLIPPED } fingerprint { OS_ID = "FreeBSD 3.1" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 11 August 2002 #Modified: - #Module A icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <255 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 #Module D icmp_info_reply = n icmp_info_reply_ttl = <255 #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 1 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = 0 icmp_unreach_echoed_ip_cksum = BAD icmp_unreach_echoed_ip_id = FLIPPED icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = FLIPPED } fingerprint { OS_ID = "FreeBSD 2.2.8" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 11 August 2002 #Modified: - #Module A icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <255 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 #Module D icmp_info_reply = n icmp_info_reply_ttl = <255 #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 1 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = 0 icmp_unreach_echoed_ip_cksum = BAD icmp_unreach_echoed_ip_id = FLIPPED icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = FLIPPED } fingerprint { OS_ID = "FreeBSD 2.2.7" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 11 August 2002 #Modified: - #Module A icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <255 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 #Module D icmp_info_reply = n icmp_info_reply_ttl = <255 #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 1 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = 0 icmp_unreach_echoed_ip_cksum = BAD icmp_unreach_echoed_ip_id = FLIPPED icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = FLIPPED } #NetBSD Operating Systems fingerprint { OS_ID = "NetBSD 1.5.2" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 20 July 2002 #Modified: - #Module A icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <255 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 #Module D icmp_info_reply = n icmp_info_reply_ttl = <255 #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK } fingerprint { OS_ID = "NetBSD 1.5.1" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 11 August 2002 #Modified: - #Module A icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <255 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 #Module D icmp_info_reply = n icmp_info_reply_ttl = <255 #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK } fingerprint { OS_ID = "NetBSD 1.5.0" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 11 August 2002 #Modified: - #Module A icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <255 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 #Module D icmp_info_reply = n icmp_info_reply_ttl = <255 #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK } #OpenBSD Operating Systems fingerprint { OS_ID = "OpenBSD 3.1" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 24 August 2002 #Modified: - #Module A icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <255 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 #Module D icmp_info_reply = n icmp_info_reply_ttl = <255 #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = BAD icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = <20 icmp_unreach_echoed_3bit_flags = OK } fingerprint { OS_ID = "OpenBSD 3.0" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 11 August 2002 #Modified: - #Module A icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <255 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 #Module D icmp_info_reply = n icmp_info_reply_ttl = <255 #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = BAD icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = <20 icmp_unreach_echoed_3bit_flags = OK } fingerprint { OS_ID = "OpenBSD 2.9" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 11 August 2002 #Modified: - #Module A icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <255 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 #Module D icmp_info_reply = n icmp_info_reply_ttl = <255 #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = <20 icmp_unreach_echoed_3bit_flags = OK } fingerprint { OS_ID = "OpenBSD 2.8" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 11 August 2002 #Modified: - #Module A icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <255 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 #Module D icmp_info_reply = n icmp_info_reply_ttl = <255 #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = <20 icmp_unreach_echoed_3bit_flags = OK } fingerprint { OS_ID = "OpenBSD 2.7" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 11 August 2002 #Modified: - #Module A icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <255 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 #Module D icmp_info_reply = n icmp_info_reply_ttl = <255 #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = <20 icmp_unreach_echoed_3bit_flags = OK } fingerprint { OS_ID = "OpenBSD 2.6" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 11 August 2002 #Modified: - #Module A icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <255 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 #Module D icmp_info_reply = n icmp_info_reply_ttl = <255 #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = <20 icmp_unreach_echoed_3bit_flags = OK } fingerprint { OS_ID = "OpenBSD 2.5" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 11 August 2002 #Modified: - #Module A icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <255 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 #Module D icmp_info_reply = n icmp_info_reply_ttl = <255 #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK } #Sun Operating Systems fingerprint { OS_ID = "Sun Solaris 9 (SunOS 2.9)" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Meder Kydyraliev (meder@areopag.net) #Date: 08 September 2002 #Modified: - #Module A icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <255 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 #Module C icmp_addrmask_reply = y icmp_addrmask_reply_ttl = <255 #Module D icmp_info_reply = n icmp_info_reply_ttl = <255 #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_dtsize = 64 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 1 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK } fingerprint { OS_ID = "Sun Solaris 8 (SunOS 2.8)" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry Contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 20 July 2002 #Modified: - #Module A icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <255 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 #Module C icmp_addrmask_reply = y icmp_addrmask_reply_ttl = <255 #Module D icmp_info_reply = n icmp_info_reply_ttl = <255 #Module E icmp_unreach_echoed_dtsize = 64 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 1 icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK } fingerprint { OS_ID = "Sun Solaris 7 (SunOS 2.7)" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry Contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 20 July 2002 #Modified: - #Module A icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <255 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 #Module C icmp_addrmask_reply = y icmp_addrmask_reply_ttl = <255 #Module D icmp_info_reply = n icmp_info_reply_ttl = <255 #Module E icmp_unreach_echoed_dtsize = 64 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 1 icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK } fingerprint { OS_ID = "Sun Solaris 6 (SunOS 2.6)" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry Contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 20 July 2002 #Modified: - #Module A icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <255 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 #Module C icmp_addrmask_reply = y icmp_addrmask_reply_ttl = <255 #Module D icmp_info_reply = n icmp_info_reply_ttl = <255 #Module E icmp_unreach_echoed_dtsize = 64 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 1 icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK } fingerprint { OS_ID = "Sun Solaris 5 (SunOS 2.5)" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry Contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 20 July 2002 #Modified: - #Module A icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <255 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 #Module C icmp_addrmask_reply = y icmp_addrmask_reply_ttl = <255 #Module D icmp_info_reply = n icmp_info_reply_ttl = <255 #Module E icmp_unreach_echoed_dtsize = 64 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 1 icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK } #Other *nix Operating Systems fingerprint { OS_ID = "Digital UNIX 5.6" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 29 July 2002 #Modified: - #Module A icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = 0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <64 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <64 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <64 #Module D icmp_info_reply = y icmp_info_reply_ttl = <64 #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <64 icmp_unreach_precedence_bits = !0 icmp_unreach_df_bit = 1 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = 0 icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK } fingerprint { OS_ID = "HPUX B.11.0 x" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 11 August 2002 #Modified: - #Module A icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <255 #Module B icmp_timestamp_reply = n icmp_timestamp_reply_ttl = <255 #Module C icmp_addrmask_reply = y icmp_addrmask_reply_ttl = <255 #Module D icmp_info_reply = n icmp_info_reply_ttl = <255 #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_dtsize = 64 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 1 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK } fingerprint { OS_ID = "SCO OpenServer Release 5" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 11 August 2002 #Modified: - #Module A icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <64 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <64 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <64 #Module D icmp_info_reply = n icmp_info_reply_ttl = <64 #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <64 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 1 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK } #Microsoft Windows Operating Systems fingerprint { OS_ID = "Microsoft Windows XP Professional" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 20 July 2002 #Modified: - #Module A icmp_echo_code = 0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = 0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = < 128 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <128 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <128 #Module D icmp_info_reply = n icmp_info_reply_ttl = <128 #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <128 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK } fingerprint { OS_ID = "Microsoft Windows 2000/2000SP1/2000SP2/2000SP3" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 20 July 2002 #Modified: - #Module A icmp_echo_code = 0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = 0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = < 128 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <128 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <128 #Module D icmp_info_reply = n icmp_info_reply_ttl = <128 #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <128 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK } fingerprint { OS_ID = "Microsoft Windows ME" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: Date 29 July 2002 #Modified: - #Module A icmp_echo_code = 0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <128 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <128 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <128 #Module D icmp_info_reply = n icmp_info_reply_ttl = <128 #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <128 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK } fingerprint { OS_ID = "Microsoft Windows NT 4 Service Pack 4 and Above" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 30 July 2002 #Modified: - #Module A icmp_echo_code = 0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <128 #Module B icmp_timestamp_reply = n icmp_timestamp_reply_ttl = <128 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <128 #Module D icmp_info_reply = n icmp_info_reply_ttl = <128 #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <128 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK } fingerprint { OS_ID = "Microsoft Windows NT 4 Service Pack 3 and Below" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 30 July 2002 #Modified: - #Module A icmp_echo_code = 0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <128 #Module B icmp_timestamp_reply = n icmp_timestamp_reply_ttl = <128 #Module C icmp_addrmask_reply = y icmp_addrmask_reply_ttl = <128 #Module D icmp_info_reply = n icmp_info_reply_ttl = <128 #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <128 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK } fingerprint { OS_ID = "Microsoft Windows 98/98SE" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 29 July 2002 #Modified: - #Module A icmp_echo_code = 0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <128 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <128 #Module C icmp_addrmask_reply = y icmp_addrmask_reply_ttl = <128 #Module D icmp_info_reply = n icmp_info_reply_ttl = <128 #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <128 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK } #fingerprint { # OS_ID = "Microsoft Windows 95" # # icmp_port_unreach_ttl =< 32 # icmp_query_reply_ttl =< 32 # # icmp_timestamp_reply = no # icmp_addressmask_reply = yes # icmp_information_reply = no #} #Apple Operating Systems fingerprint { OS_ID = "Mac OS X 10.1.5" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 20 July 2002 #Modified: - #Module A icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <255 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 #Module D icmp_info_reply = n icmp_info_reply_ttl = <255 #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 1 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = 0 icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK } fingerprint { OS_ID = "Mac OS 9.2.x" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Jamie Van Randwyk (jvanran@sandia.gov) #Date: 20 August 2002 #Modified: - #Module A icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <255 #Module B icmp_timestamp_reply = n icmp_timestamp_reply_ttl = <255 #Module C icmp_addrmask_reply = y icmp_addrmask_reply_ttl = <255 #Module D icmp_info_reply = n icmp_info_reply_ttl = <255 #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_dtsize = 64 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 1 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK } #Networking Devices #Printers