On Wed, 31 Dec 2003, DePriest, Jason R. wrote:
> "Hidden Option" = "--osscan_guess" or "--fuzzy"
>
> Grepping the source code from nmap 3.48 for osscan_guess or fuzzy:
> CHANGELOG:647: if you don't use the secret --osscan_guess or -fuzzy
> options.
> NmapOps.h:177: int osscan_guess; /* Be more aggressive in guessing OS
> type */
> nmap.cc:244: {"osscan_guess", no_argument, 0, 0}, /* More guessing
> flexability */
> nmap.cc:247: {"fuzzy", no_argument, 0, 0}, /* Alias for osscan_guess
> */
>
> Also, this feature is supposed to be turned on automatically if nmap is
> completely clueless at what the OS is. I found this manually here:
> output.cc:908: // If the FP can't be submitted anyway, might as well
> make a guess.
>
> Actually looking at the code is a little beyond me. I am not a
> developer or coder, but that might get you started.
>
> A cursory I-have-no-idea-what-I'm-looking-for glance seems to imply that
> the fuzzy option widens number of tests (specially crafted packets) it
> will run during the fingerprinting stage and it ~might~ also give more
> leeway to the possible results.
>
From the nmap changelog:
"Nmap will now sometimes guess in the "no exact matches" case, even
if you don't use the secret --osscan_guess or -fuzzy options."
This means that it will make a guess even when all fields do not match a
known sig. Check out os_fingerprint.nasl for another approach to
fingerprinting which is not so intrusive to scanned machines.
John Lampe
jwlampe -at- nessus.org
http://f00dikator.aceryder.com/
_______________________________________________
Nessus mailing list
[EMAIL PROTECTED]
http://mail.nessus.org/mailman/listinfo/nessus
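To make the exact-match versus "--osscan_guess" distinction concrete, here is a small added illustration (not nmap's code, and the signatures are constructed samples, not entries from nmap-os-fingerprints). A fingerprint is modelled as test -> attribute -> value, a signature may list alternatives as "a|b", and matching is literal string comparison; the threshold and the scoring rule are assumptions for this example.

```python
# Toy model of first-generation nmap OS matching: exact match only by default,
# a closest-fit "aggressive guess" when guessing is enabled.  Added example,
# not nmap source; all signatures below are constructed for illustration.

SIGNATURES = {
    "Linux 2.4.x": {
        "TSeq": {"Class": "RI", "gcd": "<6", "IPID": "Z", "TS": "100HZ"},
        "T1": {"DF": "Y", "W": "16A0|7FFF", "ACK": "S++", "Flags": "AS", "Ops": "MNNTNW"},
        "PU": {"DF": "N"},
    },
    "Windows 2000": {
        "TSeq": {"Class": "RI", "gcd": "<6", "IPID": "I", "TS": "0"},
        "T1": {"DF": "Y", "W": "402E|FAF0", "ACK": "S++", "Flags": "AS", "Ops": "MNWNNT"},
        "PU": {"DF": "N"},
    },
    "Cisco IOS 12.x": {
        "TSeq": {"Class": "RI", "gcd": "<6", "IPID": "I", "TS": "U"},
        "T1": {"DF": "N", "W": "1020", "ACK": "S++", "Flags": "AS", "Ops": "M"},
        "PU": {"DF": "N"},
    },
}

# Constructed observation: a Linux-like host whose TCP window (W) is unknown,
# so no signature matches on every field.
OBSERVED = {
    "TSeq": {"Class": "RI", "gcd": "<6", "IPID": "Z", "TS": "100HZ"},
    "T1": {"DF": "Y", "W": "5B4", "ACK": "S++", "Flags": "AS", "Ops": "MNNTNW"},
    "PU": {"DF": "N"},
}

def score(fp, sig):
    """Count (matched, total) signature attributes; '|' separates alternatives."""
    matched = total = 0
    for test, attrs in sig.items():
        for name, expected in attrs.items():
            total += 1
            if fp.get(test, {}).get(name) in expected.split("|"):
                matched += 1
    return matched, total

def match_os(fp, guess=False, threshold=0.80):
    """Return [(os, confidence)]: exact matches, or with guess=True the
    signatures at or above threshold, best first (empty list = 'no match')."""
    scored = [(n, m / t) for n, s in SIGNATURES.items() for m, t in [score(fp, s)]]
    exact = [(n, c) for n, c in scored if c == 1.0]
    if exact or not guess:
        return exact
    guesses = [(n, round(c, 2)) for n, c in scored if c >= threshold]
    return sorted(guesses, key=lambda nc: nc[1], reverse=True)
```

A guess carries its confidence for a reason: the same host with a single attribute changed drops from an exact match to a 90% guess, so a fuzzy result should be treated as a hint rather than an identification.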