nmap + uptime + os

Fabrice MARIE fabrice@celestix.com
Wed, 4 Jul 2001 11:55:39 +0800


Hello Thomas,

On Wednesday 04 July 2001 09:26, Thomas wrote:
> Hi,
> after testing nmap on my "ultrasafe" firewall I was very unhappy when I
> saw nmap reporting not only OS (which I already expected) the patches against this
> are slow or don't work with other like grsecurity together.
> I found very fast that this information comes from ipv4options.c in the
> kernel.

Can you please show me how you test this, I'm a bit lost ...
When I read the man page of the latest nmap, I get this about uptime :
"The -O option also enables several other tests.
One is the "Uptime" measurement, which uses the TCP
timestamp option (RFC 1323) to guess when a machine
was last rebooted.  This is only reported for machines
which provide this information."

My understanding is that it takes place at the TCP layer, like the man
page explains it. Thus, I believe it has nothing to do with ipv4options
that allow you to filter based on _IP_ timestamps...
ipv4options lets you match based on _IP_ options, and does not
take into account the TCP layer at all.

> Now I add "&& 1==2" to the check if it's needed. On the two places.
> Now the question: nmap gets much less information, but is there any
> malfunction with this change ??

Can you explain your hack a little bit further, as I explained above,
I don't really understand the problem you said you have found in ipv4options...
If it's really a bug, I'll do my best to fix it.

Thanks for your feedback.

Have a nice day,

Fabrice.
-- 
Fabrice MARIE
R&D Engineer
Celestix Networks
http://www.celestix.com/

"Silly hacker, root is for administrators" 
       -Unknown
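
The layer distinction discussed in the message above, as an added example that is not part of the original mail or of the ipv4options code: a small parser that reads the IP option area and the TCP option area of a raw packet separately, showing that the RFC 1323 timestamp sits in the TCP header while the IP options of the same packet are empty. Both sample packets, their addresses and the timestamp value are constructed, and the helper names are hypothetical.

```python
import struct

def walk_options(area):
    """Yield (kind, value) pairs; IPv4 and TCP options share EOL=0, NOP=1, then TLV."""
    i = 0
    while i < len(area) and area[i] != 0:          # 0 = end of option list
        if area[i] == 1:                           # 1 = no-operation padding
            i += 1
            continue
        if i + 1 >= len(area) or area[i + 1] < 2 or i + area[i + 1] > len(area):
            return                                 # malformed length: stop parsing
        yield area[i], area[i + 2:i + area[i + 1]]
        i += area[i + 1]

def option_areas(pkt):
    """Return (ip_option_bytes, tcp_option_bytes) of a raw IPv4/TCP packet."""
    if len(pkt) < 40 or pkt[0] >> 4 != 4 or pkt[9] != 6:
        raise ValueError("not an IPv4/TCP packet")
    ihl = (pkt[0] & 0x0F) * 4                      # IP header length incl. IP options
    if ihl < 20 or len(pkt) < ihl + 20:
        raise ValueError("bad IP header length")
    doff = (pkt[ihl + 12] >> 4) * 4                # TCP header length incl. TCP options
    if doff < 20 or len(pkt) < ihl + doff:
        raise ValueError("bad TCP data offset")
    return pkt[20:ihl], pkt[ihl + 20:ihl + doff]

def ip_option_types(pkt):
    """Option types in the IP header: the only area an IP-option match looks at."""
    return [kind for kind, _ in walk_options(option_areas(pkt)[0])]

def tcp_timestamp(pkt):
    """(TSval, TSecr) from the TCP Timestamps option (kind 8, RFC 1323), or None."""
    for kind, value in walk_options(option_areas(pkt)[1]):
        if kind == 8 and len(value) == 8:
            return struct.unpack("!II", value)
    return None

def build(ip_opts, tcp_opts):
    """Constructed SYN/ACK for the demo; checksums left at 0 and never verified."""
    ihl, doff = 5 + len(ip_opts) // 4, 5 + len(tcp_opts) // 4
    ip = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl, 0, 4 * (ihl + doff), 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    tcp = struct.pack("!HHIIBBHHH", 80, 40000, 1, 1, doff << 4, 0x12, 65535, 0, 0)
    return ip + ip_opts + tcp + tcp_opts

# Constructed TSval 8640000: at an assumed 100 ticks/s that is one day of counting.
REPLY = build(b"", b"\x01\x01\x08\x0a" + struct.pack("!II", 8640000, 0))
# Constructed contrast: IP Timestamp option (type 68, len 8, pointer 5), no TCP options.
WITH_IP_TS = build(b"\x44\x08\x05\x00" + b"\x00" * 4, b"")
```

For `REPLY` the IP option list is empty and the timestamp is found only in the TCP option area, so a rule that matches on IP options never sees the value nmap reads. On Linux, whether the TCP option is sent at all is controlled by the `net.ipv4.tcp_timestamps` sysctl.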