Hello Goran, ________________________________________ From: [email protected] [mailto:[email protected]] On Behalf Of Goran Licina Sent: Monday, May 11, 2009 7:13 PM To: [email protected] Subject: [Openvas-plugins] OS fingerprint plugin
>Hello, >we finally finished OS fingerprint plugin (in attachment). It is based on >ICMP OS fingerprinting as described by Ofir Arkin and Fyodor Yarochkin in >Phrack #57 (similar to xprobe2). I tested this plugin and it doesn't seem to work, it is getting stuck in the send_packet() in a while loop. Likely the filter needs correction, am not sure. But, as you have identified, it works fine with Nessus's nasl interpreter. >Also, during development, we had following issues caused by OpenVAS NASL >interpreter: >1. Function this_host() returned value 127.0.0.1 instead of external IP >address on certain configuration (up to date Debian Lenny machine with all >newest OpenVAS plugins from apt.intevation.de repository). On the same >machine function returned correct values when using Nessus NASL intepreter. >Any ideas why this happens? This is working fine for me. May be the system didn't have the IP configured correctly? >2. Function get_ip_element() returned wrong results when extracting IP_ID >value from received ICMP packet. Example: > get_ip_element(element : "ip_id", ip : ret); >Perhaps, if IP_ID value of received packet was 0xAABB (as seen by packet >sniffers tcpdump and tshark), function returned value 0xBBAA (flipped >bytes). We evaded this error by using symmetric number (0xBABA). >We are not sure whether our plugin should be put in Service Detection or >General plugin family (or some other?). Plugin family is set to General in >this version. Please tell us if we should change this. I prefer it to be under Service Detection. >Also we would like you to warn us if there are any mistakes in plugin code >or you have suggestions how to improve it. Thanks, Chandra. _______________________________________________ Openvas-plugins mailing list [email protected] http://lists.wald.intevation.org/mailman/listinfo/openvas-plugins
