> -----Original Message-----
> From: Chandrashekhar B [mailto:[email protected]]
> Sent: Friday, May 15, 2009 1:11 PM
> To: Goran Ličina; [email protected]
> Subject: RE: [Openvas-plugins] OS fingerprint plugin
>
> Hello Goran,
>

Hi!

> ________________________________________
> From: [email protected]
> [mailto:[email protected]] On Behalf Of Goran Licina
> Sent: Monday, May 11, 2009 7:13 PM
> To: [email protected]
> Subject: [Openvas-plugins] OS fingerprint plugin
>
> >Hello,
>
> >we finally finished OS fingerprint plugin (in attachment). It is based on
> >ICMP OS fingerprinting as described by Ofir Arkin and Fyodor Yarochkin in
> >Phrack #57 (similar to xprobe2).
>
> I tested this plugin and it doesn't seem to work, it is getting stuck in the
> send_packet() in a while loop. Likely the filter needs correction, am not
> sure. But, as you have identified, it works fine with Nessus's nasl
> interpreter.

Have you tested it with newest openvas-nasl interpreter? We also had problems with send_packet() function when using older interpreter version because of pcap_timeout bug (http://wald.intevation.org/tracker/?func=detail&atid=220&aid=901&group_id=29).

>
> >Also, during development, we had following issues caused by OpenVAS NASL
> >interpreter:
>
> >1. Function this_host() returned value 127.0.0.1 instead of external IP
> >address on certain configuration (up to date Debian Lenny machine with all
> >newest OpenVAS plugins from apt.intevation.de repository). On the same
> >machine function returned correct values when using Nessus NASL interpreter.
> >Any ideas why this happens?
>
> This is working fine for me. Maybe the system didn't have the IP configured
> correctly?

I don't think this is the reason because this_host() function returned correct IP address when using Nessus nasl interpreter on the same machine. Not sure, maybe it is another bug? As I said this happened only on specified configuration (Debian Lenny + newest packages from apt.intevation.de). Any ideas what should I check in IP configuration of that machine? It is being used on daily basis and everything else is working properly.

>
> >2. Function get_ip_element() returned wrong results when extracting IP_ID
> >value from received ICMP packet. Example:
>
> >   get_ip_element(element : "ip_id", ip : ret);
>
> >Perhaps, if IP_ID value of received packet was 0xAABB (as seen by packet
> >sniffers tcpdump and tshark), function returned value 0xBBAA (flipped
> >bytes). We evaded this error by using symmetric number (0xBABA).

Should we file this as a bug on Tracker?

>
> >We are not sure whether our plugin should be put in Service Detection or
> >General plugin family (or some other?). Plugin family is set to General in
> >this version. Please tell us if we should change this.
>
> I prefer it to be under Service Detection.

I corrected this, plugin is in attachment.

>
> >Also we would like you to warn us if there are any mistakes in plugin code
> >or you have suggestions how to improve it.
>
> Thanks,
> Chandra.

Regards,
Goran Licina

--
Laboratory for Systems and Signals
Department of Electronic Systems and Information Processing
Faculty of Electrical Engineering and Computing
University of Zagreb
os_fingerprint.rar
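
Added example, not part of the original message and not OpenVAS or plugin code: a C sketch of reading the IPv4 Identification field in network byte order versus byte-swapped, using the 0xAABB and 0xBABA values from the thread. The header bytes are constructed, and the function names (`ip_id_wire_order`, `ip_id_swapped`, `id_detects_byte_swap`) are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed sample: 20-byte IPv4 header of an ICMP packet, IP ID 0xAABB.
   Addresses are documentation range 192.0.2.0/24; checksum left as zero. */
static const uint8_t sample_hdr[20] = {
    0x45, 0x00, 0x00, 0x1c,   /* version 4 / IHL 5, TOS, total length 28 */
    0xaa, 0xbb, 0x00, 0x00,   /* identification, flags + fragment offset */
    0x40, 0x01, 0x00, 0x00,   /* TTL 64, protocol 1 (ICMP), checksum */
    192, 0, 2, 1,             /* source address */
    192, 0, 2, 2              /* destination address */
};

/* Correct read: the field is big-endian on the wire, so build it from its
   two bytes explicitly. Returns -1 if the buffer is too short or not IPv4. */
int ip_id_wire_order(const uint8_t *pkt, size_t len)
{
    if (len < 20 || (pkt[0] >> 4) != 4)
        return -1;
    return (pkt[4] << 8) | pkt[5];
}

/* Byte-swapped read: the value obtained when the same two bytes are taken
   least-significant first (a raw 16-bit load on a little-endian host). */
int ip_id_swapped(const uint8_t *pkt, size_t len)
{
    if (len < 20 || (pkt[0] >> 4) != 4)
        return -1;
    return (pkt[5] << 8) | pkt[4];
}

/* A probe ID can reveal a byte swap only when its two bytes differ. */
int id_detects_byte_swap(uint16_t id)
{
    return (id >> 8) != (id & 0xff);
}

int main(void)
{
    printf("wire order: 0x%04X\n", (unsigned)ip_id_wire_order(sample_hdr, sizeof sample_hdr));
    printf("swapped:    0x%04X\n", (unsigned)ip_id_swapped(sample_hdr, sizeof sample_hdr));
    printf("0xAABB exposes a swap: %d\n", id_detects_byte_swap(0xAABB));
    printf("0xBABA exposes a swap: %d\n", id_detects_byte_swap(0xBABA));
    return 0;
}
```

A symmetric ID such as 0xBABA reads the same both ways, so a regression test for the extraction routine needs an ID whose two bytes differ.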
