From: olivier courtay (olivier.courtayintranode.com)
Date: Fri Apr 19 2002 - 07:40:21 CDT

    Hello,

    Lots of people want the Ring patch for Nmap.
    Please find enclosed the first release of the Nmap patch.

    In order to apply the patch, follow the instructions below:

            Install Libnet (1.0.2a) (www.packetfactory.net/Projects/Libnet)
            Install Libdnet (1.2) (libdnet.sourceforge.net)
            Get the nmap-2.54BETA32.tgz source tarball (www.insecure.org)
            Untar the source: tar zxvf nmap-2.54BETA32.tgz
            Go to the source directory nmap-2.54BETA32
            Uncompress the patch in this directory: gunzip nmap-Ring.patch.gz
            Apply the Ring patch:

            patch -p 1 < nmap-Ring.patch

            If you have a Linux 2.4 kernel, edit filter.h and follow the
            instructions.

            For installation, follow the Nmap INSTALL file instructions
            (./configure && make).

            Use the --ring option when you call Nmap
            (example: nmap --ring -O 192.168.1.1)

    We will be very happy to get your feedback on this technique.
    Feel free to contact us at: ringintranode.com

    Regards,
    Olivier

    olivier courtay wrote:
    >
    > Carefully studying the way TCP works, especially some timer values
    > inside the TCP stack, we have derived a new technique for remote OS
    > detection, based on temporal response analysis.
    >
    > The idea is quite simple: send a TCP SYN packet to an open port on a
    > remote system, and listen for the different answers (usually successive
    > SYN/ACK packets). By measuring the number of responses, the delay
    > between retries, and the optional presence of a "RST" packet after a
    > few answers, we can easily recognize some operating systems.
    > The nice thing is that it only requires sending one packet to an open
    > TCP port, which makes this method really quiet.
    >
    > As a proof of concept, we also developed a standalone tool "RING"
    > that will perform these tests and identifications, using a signature
    > file.
    >
    > A patch for Nmap-2.54BETA32 is being prepared and should be released
    > anytime soon.
    > At the moment, ring and nmap OS fingerprinting methods are launched
    > simultaneously, but results aren't merged for better accuracy.
    > If you want to try this patch, please send me an
    > email (ringintranode.com).
    >
    > More information is available at:
    > http://www.intranode.com/site/techno/techno_articles.htm
    >
    > The open source tool can be downloaded from:
    > http://www.intranode.com/pdf/techno/ring-0.0.1.tar.gz
    >
    > The open source tool for Linux2.4 kernel can be downloaded from:
    > http://www.intranode.com/pdf/techno/ring-0.0.1-Linux-2.4.tar.gz
    >
    > The full, 13 pages, white paper is available at:
    > http://www.intranode.com/pdf/techno/ring-full-paper.pdf
    >
    > We will be very happy to get your feedback on this technique.
    > Feel free to contact us at: ringintranode.com
    >
    > Thanks,
    > Olivier

    -- 
    ________________________________
    Olivier  Courtay
    Research Engineer 
    tel: +33 (0) 223 455 524
    fax: +33 (0) 223 455 501
    mailto: olivier.courtayintranode.com
    http://www.intranode.com
    

    Intranode Software Technologies Security you can see.


    -------------------------------------------------- For help using this (nmap-hackers) mailing list, send a blank email to nmap-hackers-helpinsecure.org . List run by ezmlm-idx (www.ezmlm.org).
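
The timing analysis described in the quoted announcement (count the SYN/ACK retransmissions, measure the gaps between them, note a trailing RST), as an added Python example that is not part of the original post and is not code from RING or the Nmap patch. The signature names and timings, the event format and the sample captures are all constructed for illustration; real signatures would come from a measured signature file.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Signature:
    name: str      # constructed label, not a real OS fingerprint
    delays: tuple  # expected seconds between successive SYN/ACKs
    rst: bool      # True if a RST follows the last SYN/ACK

# Constructed signatures (assumption); not taken from the RING signature file.
SIGNATURES = (
    Signature("stack-A", (3.0, 6.0, 12.0), False),
    Signature("stack-B", (3.0, 6.0), True),
    Signature("stack-C", (1.0, 2.0, 4.0, 8.0), False),
)

def features(events):
    """events: (timestamp_seconds, flags) replies to one SYN; flags is "SA" or "R"."""
    synacks = sorted(t for t, flags in events if flags == "SA")
    delays = tuple(later - earlier for earlier, later in zip(synacks, synacks[1:]))
    # Only a RST that arrives after the final SYN/ACK counts as the give-up marker.
    rst = bool(synacks) and any(flags == "R" and t > synacks[-1] for t, flags in events)
    return delays, rst

def classify(events, tolerance=0.5):
    """Return the closest signature name, or None when nothing fits within tolerance."""
    delays, rst = features(events)
    best = None
    for sig in SIGNATURES:
        # Retry count and RST behaviour must match exactly; a dropped reply
        # changes the count, so a lossy path yields None rather than a guess.
        if sig.rst != rst or len(sig.delays) != len(delays):
            continue
        errors = [abs(seen - want) for seen, want in zip(delays, sig.delays)]
        if max(errors) <= tolerance:  # per-gap bound absorbs network jitter
            total = sum(errors)
            if best is None or total < best[0]:
                best = (total, sig.name)
    return best[1] if best else None

# Constructed captures: reply timestamps relative to the single SYN sent.
CAPTURE_A = [(0.01, "SA"), (3.00, "SA"), (9.10, "SA"), (21.05, "SA")]
CAPTURE_B = [(0.02, "SA"), (3.05, "SA"), (9.01, "SA"), (21.00, "R")]
CAPTURE_LOSSY = [(0.01, "SA"), (9.10, "SA"), (21.05, "SA")]  # second reply lost

if __name__ == "__main__":
    for label, capture in (("A", CAPTURE_A), ("B", CAPTURE_B), ("lossy", CAPTURE_LOSSY)):
        print(label, features(capture), classify(capture))
```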