#Xprobe2 Fingerprinting Database # #Last Modified: 11 July 2005 # #$Id: # #Contributions are welcomed # # #The fingerprinting database is (c) 2000-2005 by Ofir Arkin, Fyodor Yarochkin, Meder Kydyraliev #The database is available for free use by open source software under the terms of #the GNU General Public License. # #For commercial usage please contact: ofir@sys-security.com # # # #Generic Section generic { timeout = 2 community_strings=public,private,router,community,snmp,cisco } #Fingerprints # #For corrections & submission of signatures please email #ofir@sys-security.com # # #Example entry # #fingerprint { # OS_ID = "My OS" # #Entry inserted to the database by: Moderator's name (email) # #Entry contributed by: Contributer's name (email) # #Date: Date entered into database # #Modified: Date Modified # # #Module A [ICMP ECHO Probe] # icmp_echo_reply = [y, n] # icmp_echo_code = [0, !0] # icmp_echo_ip_id = [0, !0, SENT] # icmp_echo_tos_bits = [0, !0] # icmp_echo_df_bit = [0, 1] # icmp_echo_reply_ttl = [>< decimal num] # # #Module B [ICMP Timestamp Probe] # icmp_timestamp_reply = [y, n] # icmp_timestamp_reply_ttl = [>< decimal num] # icmp_timestamp_reply_ip_id = [0, !0, SENT] # # #Module C [ICMP Address Mask Request Probe] # icmp_addrmask_reply = [y, n] # icmp_addrmask_reply_ttl = [>< decimal num] # icmp_addrmask_reply_ip_id = [0, !0, SENT] # # #Module D [ICMP Information Request Probe] # icmp_info_reply = [y, n] # icmp_info_reply_ttl = [>< decimal num] # icmp_info_reply_ip_id = [0, !0, SENT] # # #Module E [UDP -> ICMP Unreachable probe] # #IP_Header_of_the_UDP_Port_Unreachable_error_message # icmp_unreach_reply = [y, n] # icmp_unreach_echoed_dtsize = [8, 64, >64] # icmp_unreach_reply_ttl = [>< decimal num] # icmp_unreach_precedence_bits = 0xc0, 0, (hex num) # icmp_unreach_df_bit = [0 , 1 ] # icmp_unreach_ip_id = [0, !0, SENT] # # #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message # icmp_unreach_echoed_udp_cksum = [0, OK, BAD] # icmp_unreach_echoed_ip_cksum = [0, OK, BAD] # icmp_unreach_echoed_ip_id = [OK, FLIPPED] # icmp_unreach_echoed_total_len = [>20, OK, <20] # icmp_unreach_echoed_3bit_flags = [OK, FLIPPED] # # #Module F [TCP SYN | ACK Module] # #IP header of the TCP SYN ACK # tcp_syn_ack_tos = [0, <value>] # tcp_syn_ack_df = [0 , 1 ] # tcp_syn_ack_ip_id = [0 , !0, SENT ] # tcp_syn_ack_ttl = [>< decimal num] # # #Information from the TCP header # tcp_syn_ack_ack = [<value>] # tcp_syn_ack_window_size = [<value>] # tcp_syn_ack_options_order = ["order"] # tcp_syn_ack_wscale = [<value>, NONE] # tcp_syn_ack_tsval = [0, !0, NONE] # tcp_syn_ack_tsecr = [0, !0, NONE] # # #Module G [TCP RST|ACK] # tcp_rst_reply = [y ,n] # tcp_rst_df = [0, 1] # tcp_rst_ip_id_1 = [0, !0] # tcp_rst_ip_id_2 = [0, !0] # tcp_rst_ip_id_strategy = [0, I, R] # tcp_rst_ttl = [>< decimal num] # #} #AIX fingerprint { OS_ID = "AIX 5.1" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 14 July 2003 #Modified: 14 July 2003 #Module A [ICMP ECHO Probe] icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <255 #Module B [ICMP Timestamp Probe] icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 icmp_timestamp_reply_ip_id = !0 #Module C [ICMP Address Mask Request Probe] icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = !0 #Module D [ICMP Information Request Probe] icmp_info_reply = y icmp_info_reply_ttl = <255 icmp_info_reply_ip_id = !0 #Module E [UDP -> ICMP Unreachable probe] #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 1 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = 0 icmp_unreach_echoed_ip_cksum = BAD icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = >20 icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 0 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <60 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 17520 tcp_syn_ack_options_order = "MSS" tcp_syn_ack_wscale = NONE tcp_syn_ack_tsval = NONE tcp_syn_ack_tsecr = NONE #Module G tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <60 } fingerprint { OS_ID = "AIX 4.3.3" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 14 July 2003 #Modified: 14 July 2003 #Module A [ICMP ECHO Probe] icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <255 #Module B [ICMP Timestamp Probe] icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 icmp_timestamp_reply_ip_id = !0 #Module C [ICMP Address Mask Request Probe] icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = !0 #Module D [ICMP Information Request Probe] icmp_info_reply = y icmp_info_reply_ttl = <255 icmp_info_reply_ip_id = !0 #Module E [UDP -> ICMP Unreachable probe] #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 1 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = 0 icmp_unreach_echoed_ip_cksum = BAD icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = >20 icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 0 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <60 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 16060 tcp_syn_ack_options_order = "MSS" tcp_syn_ack_wscale = NONE tcp_syn_ack_tsval = NONE tcp_syn_ack_tsecr = NONE #Module G tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <60 } #Apple fingerprint { OS_ID = "Apple Mac OS X 10.2.0" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 30 May 2005 #Modified: #Module A [ICMP ECHO Probe] icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <64 #Module B [ICMP Timestamp Probe] icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <64 icmp_timestamp_reply_ip_id = !0 #Module C [ICMP Address Mask Request Probe] icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = !0 #Module E [UDP -> ICMP Unreachable probe] #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <64 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 1 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = 0 icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 33304 tcp_syn_ack_options_order = MSS NOP WSCALE NOP NOP TIMESTAMP tcp_syn_ack_wscale = 0 tcp_syn_ack_tsecr = !0 tcp_syn_ack_tsval = !0 #Module G tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <64 snmp_sysdescr = Darwin Kernel Version } fingerprint { OS_ID = "Apple Mac OS X 10.2.1" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 30 May 2005 #Modified: #Module A [ICMP ECHO Probe] icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <64 #Module B [ICMP Timestamp Probe] icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <64 icmp_timestamp_reply_ip_id = !0 #Module C [ICMP Address Mask Request Probe] icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = !0 #Module E [UDP -> ICMP Unreachable probe] #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <64 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 1 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = 0 icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 33304 tcp_syn_ack_options_order = MSS NOP WSCALE NOP NOP TIMESTAMP tcp_syn_ack_wscale = 0 tcp_syn_ack_tsecr = !0 tcp_syn_ack_tsval = !0 #Module G tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <64 snmp_sysdescr = Darwin Kernel Version } fingerprint { OS_ID = "Apple Mac OS X 10.2.2" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 30 May 2005 #Modified: #Module A [ICMP ECHO Probe] icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <64 #Module B [ICMP Timestamp Probe] icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <64 icmp_timestamp_reply_ip_id = !0 #Module C [ICMP Address Mask Request Probe] icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = !0 #Module E [UDP -> ICMP Unreachable probe] #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <64 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 1 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = 0 icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 33304 tcp_syn_ack_options_order = MSS NOP WSCALE NOP NOP TIMESTAMP tcp_syn_ack_wscale = 0 tcp_syn_ack_tsecr = !0 tcp_syn_ack_tsval = !0 #Module G tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <64 snmp_sysdescr = Darwin Kernel Version } fingerprint { OS_ID = "Apple Mac OS X 10.2.3" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 30 May 2005 #Modified: #Module A [ICMP ECHO Probe] icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <64 #Module B [ICMP Timestamp Probe] icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <64 icmp_timestamp_reply_ip_id = !0 #Module C [ICMP Address Mask Request Probe] icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = !0 #Module E [UDP -> ICMP Unreachable probe] #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <64 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 1 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = 0 icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 33304 tcp_syn_ack_options_order = MSS NOP WSCALE NOP NOP TIMESTAMP tcp_syn_ack_wscale = 0 tcp_syn_ack_tsecr = !0 tcp_syn_ack_tsval = !0 #Module G tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <64 snmp_sysdescr = Darwin Kernel Version } fingerprint { OS_ID = "Apple Mac OS X 10.2.4" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 30 May 2005 #Modified: #Module A [ICMP ECHO Probe] icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <64 #Module B [ICMP Timestamp Probe] icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <64 icmp_timestamp_reply_ip_id = !0 #Module C [ICMP Address Mask Request Probe] icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = !0 #Module E [UDP -> ICMP Unreachable probe] #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <64 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 1 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = 0 icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 33304 tcp_syn_ack_options_order = MSS NOP WSCALE NOP NOP TIMESTAMP tcp_syn_ack_wscale = 0 tcp_syn_ack_tsecr = !0 tcp_syn_ack_tsval = !0 #Module G tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <64 snmp_sysdescr = Darwin Kernel Version } fingerprint { OS_ID = "Apple Mac OS X 10.2.5" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 30 May 2005 #Modified: #Module A [ICMP ECHO Probe] icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <64 #Module B [ICMP Timestamp Probe] icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <64 icmp_timestamp_reply_ip_id = !0 #Module C [ICMP Address Mask Request Probe] icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = !0 #Module E [UDP -> ICMP Unreachable probe] #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <64 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 1 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = 0 icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 33304 tcp_syn_ack_options_order = MSS NOP WSCALE NOP NOP TIMESTAMP tcp_syn_ack_wscale = 0 tcp_syn_ack_tsecr = !0 tcp_syn_ack_tsval = !0 #Module G tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <64 snmp_sysdescr = Darwin Kernel Version } fingerprint { OS_ID = "Apple Mac OS X 10.2.6" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 30 May 2005 #Modified: #Module A [ICMP ECHO Probe] icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <64 #Module B [ICMP Timestamp Probe] icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <64 icmp_timestamp_reply_ip_id = !0 #Module C [ICMP Address Mask Request Probe] icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = !0 #Module E [UDP -> ICMP Unreachable probe] #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <64 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 1 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = 0 icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 33304 tcp_syn_ack_options_order = MSS NOP WSCALE NOP NOP TIMESTAMP tcp_syn_ack_wscale = 0 tcp_syn_ack_tsecr = !0 tcp_syn_ack_tsval = !0 #Module G tcp_rst_reply = y tcp_rst_df = 1 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <64 snmp_sysdescr = Darwin Kernel Version } fingerprint { OS_ID = "Apple Mac OS X 10.2.7" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 30 May 2005 #Modified: #Module A [ICMP ECHO Probe] icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <64 #Module B [ICMP Timestamp Probe] icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <64 icmp_timestamp_reply_ip_id = !0 #Module C [ICMP Address Mask Request Probe] icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = !0 #Module E [UDP -> ICMP Unreachable probe] #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <64 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 1 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = 0 icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 33304 tcp_syn_ack_options_order = MSS NOP WSCALE NOP NOP TIMESTAMP tcp_syn_ack_wscale = 0 tcp_syn_ack_tsecr = !0 tcp_syn_ack_tsval = !0 #Module G tcp_rst_reply = y tcp_rst_df = 1 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <64 snmp_sysdescr = Darwin Kernel Version } fingerprint { OS_ID = "Apple Mac OS X 10.2.8" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 30 May 2005 #Modified: #Module A [ICMP ECHO Probe] icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <64 #Module B [ICMP Timestamp Probe] icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <64 icmp_timestamp_reply_ip_id = !0 #Module C [ICMP Address Mask Request Probe] icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = !0 #Module E [UDP -> ICMP Unreachable probe] #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <64 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 1 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = 0 icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 33304 tcp_syn_ack_options_order = MSS NOP WSCALE NOP NOP TIMESTAMP tcp_syn_ack_wscale = 0 tcp_syn_ack_tsecr = !0 tcp_syn_ack_tsval = !0 #Module G tcp_rst_reply = y tcp_rst_df = 1 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <64 snmp_sysdescr = Darwin Kernel Version } fingerprint { OS_ID = "Apple Mac OS X 10.3.0" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 4 June 2005 #Modified: #Module A [ICMP ECHO Probe] icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <64 #Module B [ICMP Timestamp Probe] icmp_timestamp_reply = n icmp_timestamp_reply_ttl = <64 icmp_timestamp_reply_ip_id = !0 #Module C [ICMP Address Mask Request Probe] icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = !0 #Module E [UDP -> ICMP Unreachable probe] #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <64 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 1 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = 0 icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 65535 tcp_syn_ack_options_order = MSS NOP WSCALE NOP NOP TIMESTAMP tcp_syn_ack_wscale = 0 tcp_syn_ack_tsecr = !0 tcp_syn_ack_tsval = !0 #Module G tcp_rst_reply = y tcp_rst_df = 1 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <64 snmp_sysdescr = Darwin Kernel Version } fingerprint { OS_ID = "Apple Mac OS X 10.3.1" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 4 June 2005 #Modified: #Module A [ICMP ECHO Probe] icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <64 #Module B [ICMP Timestamp Probe] icmp_timestamp_reply = n icmp_timestamp_reply_ttl = <64 icmp_timestamp_reply_ip_id = !0 #Module C [ICMP Address Mask Request Probe] icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = !0 #Module E [UDP -> ICMP Unreachable probe] #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <64 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 1 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = 0 icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 65535 tcp_syn_ack_options_order = MSS NOP WSCALE NOP NOP TIMESTAMP tcp_syn_ack_wscale = 0 tcp_syn_ack_tsecr = !0 tcp_syn_ack_tsval = !0 #Module G tcp_rst_reply = y tcp_rst_df = 1 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <64 snmp_sysdescr = Darwin Kernel Version } fingerprint { OS_ID = "Apple Mac OS X 10.3.2" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 4 June 2005 #Modified: #Module A [ICMP ECHO Probe] icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <64 #Module B [ICMP Timestamp Probe] icmp_timestamp_reply = n icmp_timestamp_reply_ttl = <64 icmp_timestamp_reply_ip_id = !0 #Module C [ICMP Address Mask Request Probe] icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = !0 #Module E [UDP -> ICMP Unreachable probe] #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <64 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 1 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = 0 icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 65535 tcp_syn_ack_options_order = MSS NOP WSCALE NOP NOP TIMESTAMP tcp_syn_ack_wscale = 0 tcp_syn_ack_tsecr = !0 tcp_syn_ack_tsval = !0 #Module G tcp_rst_reply = y tcp_rst_df = 1 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <64 snmp_sysdescr = Darwin Kernel Version } fingerprint { OS_ID = "Apple Mac OS X 10.3.3" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 4 June 2005 #Modified: #Module A [ICMP ECHO Probe] icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <64 #Module B [ICMP Timestamp Probe] icmp_timestamp_reply = n icmp_timestamp_reply_ttl = <64 icmp_timestamp_reply_ip_id = !0 #Module C [ICMP Address Mask Request Probe] icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = !0 #Module E [UDP -> ICMP Unreachable probe] #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <64 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 1 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = 0 icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 65535 tcp_syn_ack_options_order = MSS NOP WSCALE NOP NOP TIMESTAMP tcp_syn_ack_wscale = 0 tcp_syn_ack_tsecr = !0 tcp_syn_ack_tsval = !0 #Module G tcp_rst_reply = y tcp_rst_df = 1 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <64 snmp_sysdescr = Darwin Kernel Version } fingerprint { OS_ID = "Apple Mac OS X 10.3.4" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 4 June 2005 #Modified: #Module A [ICMP ECHO Probe] icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <64 #Module B [ICMP Timestamp Probe] icmp_timestamp_reply = n icmp_timestamp_reply_ttl = <64 icmp_timestamp_reply_ip_id = !0 #Module C [ICMP Address Mask Request Probe] icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = !0 #Module E [UDP -> ICMP Unreachable probe] #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <64 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 1 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = 0 icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 65535 tcp_syn_ack_options_order = MSS NOP WSCALE NOP NOP TIMESTAMP tcp_syn_ack_wscale = 0 tcp_syn_ack_tsecr = !0 tcp_syn_ack_tsval = !0 #Module G tcp_rst_reply = y tcp_rst_df = 1 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <64 snmp_sysdescr = Darwin Kernel Version } fingerprint { OS_ID = "Apple Mac OS X 10.3.5" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 4 June 2005 #Modified: #Module A [ICMP ECHO Probe] icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <64 #Module B [ICMP Timestamp Probe] icmp_timestamp_reply = n icmp_timestamp_reply_ttl = <64 icmp_timestamp_reply_ip_id = !0 #Module C [ICMP Address Mask Request Probe] icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = !0 #Module E [UDP -> ICMP Unreachable probe] #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <64 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 1 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = 0 icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 65535 tcp_syn_ack_options_order = MSS NOP WSCALE NOP NOP TIMESTAMP tcp_syn_ack_wscale = 0 tcp_syn_ack_tsecr = !0 tcp_syn_ack_tsval = !0 #Module G tcp_rst_reply = y tcp_rst_df = 1 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <64 snmp_sysdescr = Darwin Kernel Version } fingerprint { OS_ID = "Apple Mac OS X 10.3.6" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 4 June 2005 #Modified: #Module A [ICMP ECHO Probe] icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <64 #Module B [ICMP Timestamp Probe] icmp_timestamp_reply = n icmp_timestamp_reply_ttl = <64 icmp_timestamp_reply_ip_id = !0 #Module C [ICMP Address Mask Request Probe] icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = !0 #Module E [UDP -> ICMP Unreachable probe] #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <64 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 1 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = 0 icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 65535 tcp_syn_ack_options_order = MSS NOP WSCALE NOP NOP TIMESTAMP tcp_syn_ack_wscale = 0 tcp_syn_ack_tsecr = !0 tcp_syn_ack_tsval = !0 #Module G tcp_rst_reply = y tcp_rst_df = 1 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <64 snmp_sysdescr = Darwin Kernel Version } fingerprint { OS_ID = "Apple Mac OS X 10.3.7" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 4 June 2005 #Modified: #Module A [ICMP ECHO Probe] icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <64 #Module B [ICMP Timestamp Probe] icmp_timestamp_reply = n icmp_timestamp_reply_ttl = <64 icmp_timestamp_reply_ip_id = !0 #Module C [ICMP Address Mask Request Probe] icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = !0 #Module E [UDP -> ICMP Unreachable probe] #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <64 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 1 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = 0 icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 65535 tcp_syn_ack_options_order = MSS NOP WSCALE NOP NOP TIMESTAMP tcp_syn_ack_wscale = 0 tcp_syn_ack_tsecr = !0 tcp_syn_ack_tsval = !0 #Module G tcp_rst_reply = y tcp_rst_df = 1 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <64 snmp_sysdescr = Darwin Kernel Version } fingerprint { OS_ID = "Apple Mac OS X 10.3.8" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 4 June 2005 #Modified: #Module A [ICMP ECHO Probe] icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <64 #Module B [ICMP Timestamp Probe] icmp_timestamp_reply = n icmp_timestamp_reply_ttl = <64 icmp_timestamp_reply_ip_id = !0 #Module C [ICMP Address Mask Request Probe] icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = !0 #Module E [UDP -> ICMP Unreachable probe] #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <64 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 1 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = 0 icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 65535 tcp_syn_ack_options_order = MSS NOP WSCALE NOP NOP TIMESTAMP tcp_syn_ack_wscale = 0 tcp_syn_ack_tsecr = !0 tcp_syn_ack_tsval = !0 #Module G tcp_rst_reply = y tcp_rst_df = 1 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <64 snmp_sysdescr = Darwin Kernel Version } fingerprint { OS_ID = "Apple Mac OS X 10.3.9" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 4 June 2005 #Modified: #Module A [ICMP ECHO Probe] icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <64 #Module B [ICMP Timestamp Probe] icmp_timestamp_reply = n icmp_timestamp_reply_ttl = <64 icmp_timestamp_reply_ip_id = !0 #Module C [ICMP Address Mask Request Probe] icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = !0 #Module E [UDP -> ICMP Unreachable probe] #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <64 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 1 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = 0 icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 65535 tcp_syn_ack_options_order = MSS NOP WSCALE NOP NOP TIMESTAMP tcp_syn_ack_wscale = 0 tcp_syn_ack_tsecr = !0 tcp_syn_ack_tsval = !0 #Module G tcp_rst_reply = y tcp_rst_df = 1 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <64 snmp_sysdescr = Darwin Kernel Version } fingerprint { OS_ID = "Apple Mac OS X 10.4.0" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 6 June 2005 #Modified: #Module A [ICMP ECHO Probe] icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <64 #Module B [ICMP Timestamp Probe] icmp_timestamp_reply = n icmp_timestamp_reply_ttl = <64 icmp_timestamp_reply_ip_id = !0 #Module C [ICMP Address Mask Request Probe] icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = !0 #Module E [UDP -> ICMP Unreachable probe] #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <64 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 1 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = 0 icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 65535 tcp_syn_ack_options_order = MSS NOP WSCALE NOP NOP TIMESTAMP tcp_syn_ack_wscale = 0 tcp_syn_ack_tsecr = !0 tcp_syn_ack_tsval = !0 #Module G tcp_rst_reply = y tcp_rst_df = 1 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <64 snmp_sysdescr = Darwin Kernel Version } fingerprint { OS_ID = "Apple Mac OS X 10.4.1" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 6 June 2005 #Modified: #Module A [ICMP ECHO Probe] icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <64 #Module B [ICMP Timestamp Probe] icmp_timestamp_reply = n icmp_timestamp_reply_ttl = <64 icmp_timestamp_reply_ip_id = !0 #Module C [ICMP Address Mask Request Probe] icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = !0 #Module E [UDP -> ICMP Unreachable probe] #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <64 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 1 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = 0 icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 65535 tcp_syn_ack_options_order = MSS NOP WSCALE NOP NOP TIMESTAMP tcp_syn_ack_wscale = 0 tcp_syn_ack_tsecr = !0 tcp_syn_ack_tsval = !0 #Module G tcp_rst_reply = y tcp_rst_df = 1 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <64 snmp_sysdescr = Darwin Kernel Version } #Cisco Systems fingerprint { OS_ID = "Cisco IOS 12.3" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 01 February 2005 #Modified: - #Module A icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = SENT icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <255 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 icmp_timestamp_reply_ip_id = SENT #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = SENT #Module D icmp_info_reply = y icmp_info_reply_ttl = <255 icmp_info_reply_ip_id = SENT #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0xc0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F #IP header of the TCP SYN | ACK tcp_syn_ack_tos = 0x10 tcp_syn_ack_df = 0 tcp_syn_ack_ip_id = 0 tcp_syn_ack_ttl = <255 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 4128 tcp_syn_ack_options_order = "MSS" tcp_syn_ack_wscale = NONE tcp_syn_ack_tsval = NONE tcp_syn_ack_tsecr = NONE #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <255 } fingerprint { OS_ID = "Cisco IOS 12.2" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 25 June 2002 #Modified: 25 June 2003 #Module A icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = SENT icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <255 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 icmp_timestamp_reply_ip_id = SENT #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = SENT #Module D icmp_info_reply = y icmp_info_reply_ttl = <255 icmp_info_reply_ip_id = SENT #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0xc0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F #IP header of the TCP SYN | ACK tcp_syn_ack_tos = 0x10 tcp_syn_ack_df = 0 tcp_syn_ack_ip_id = 0 tcp_syn_ack_ttl = <255 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 4128 tcp_syn_ack_options_order = "MSS" tcp_syn_ack_wscale = NONE tcp_syn_ack_tsval = NONE tcp_syn_ack_tsecr = NONE #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <255 } fingerprint { OS_ID = "Cisco IOS 12.0" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 27 January 2002 #Modified: 25 June 2003 #Module A icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = SENT icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <255 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 icmp_timestamp_reply_ip_id = SENT #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = SENT #Module D icmp_info_reply = y icmp_info_reply_ttl = <255 icmp_info_reply_ip_id = SENT #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0xc0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F #IP header of the TCP SYN | ACK tcp_syn_ack_tos = 0x10 tcp_syn_ack_df = 0 tcp_syn_ack_ip_id = 0 tcp_syn_ack_ttl = <255 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 4128 tcp_syn_ack_options_order = "MSS" tcp_syn_ack_wscale = NONE tcp_syn_ack_tsval = NONE tcp_syn_ack_tsecr = NONE #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <255 } fingerprint { OS_ID = "Cisco IOS 11.3" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 27 January 2002 #Modified: 25 June 2003 #Module A icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = SENT icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <255 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 icmp_timestamp_reply_ip_id = SENT #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = SENT #Module D icmp_info_reply = y icmp_info_reply_ttl = <255 icmp_info_reply_ip_id = SENT #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0xc0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F #IP header of the TCP SYN | ACK tcp_syn_ack_tos = 0x10 tcp_syn_ack_df = 0 tcp_syn_ack_ip_id = 0 tcp_syn_ack_ttl = <255 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 4128 tcp_syn_ack_options_order = "MSS" tcp_syn_ack_wscale = NONE tcp_syn_ack_tsval = NONE tcp_syn_ack_tsecr = NONE #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <255 } fingerprint { OS_ID = "Cisco IOS 11.2" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 27 January 2002 #Modified: 25 June 2003 #Module A icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = SENT icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <255 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 icmp_timestamp_reply_ip_id = SENT #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = SENT #Module D icmp_info_reply = y icmp_info_reply_ttl = <255 icmp_info_reply_ip_id = SENT #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F #IP header of the TCP SYN | ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 0 tcp_syn_ack_ip_id = 0 tcp_syn_ack_ttl = <255 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 2144 tcp_syn_ack_options_order = "MSS" tcp_syn_ack_wscale = NONE tcp_syn_ack_tsval = NONE tcp_syn_ack_tsecr = NONE #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <255 } fingerprint { OS_ID = "Cisco IOS 11.1" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 27 January 2002 #Modified: 25 June 2003 #Module A icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = SENT icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <255 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 icmp_timestamp_reply_ip_id = SENT #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = SENT #Module D icmp_info_reply = y icmp_info_reply_ttl = <255 icmp_info_reply_ip_id = SENT #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F #IP header of the TCP SYN | ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 0 tcp_syn_ack_ip_id = 0 tcp_syn_ack_ttl = <255 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 2144 tcp_syn_ack_options_order = "MSS" tcp_syn_ack_wscale = NONE tcp_syn_ack_tsval = NONE tcp_syn_ack_tsecr = NONE #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <255 } #Foundry Networks fingerprint { OS_ID = "Foundry Networks IronWare Version 03.0.01eTc1" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 12 February 2005 #Modified: - #Module A [ICMP ECHO Probe] icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 0 icmp_echo_reply_ttl = <64 #Module B [ICMP Timestamp Probe] icmp_timestamp_reply = n icmp_timestamp_reply_ttl = <64 icmp_timestamp_reply_ip_id = !0 #Module C [ICMP Address Mask Request Probe] icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <64 icmp_addrmask_reply_ip_id = !0 #Module D [ICMP Information Request Probe] icmp_info_reply = n icmp_info_reply_ttl = <64 icmp_info_reply_ip_id = !0 #Module E [UDP -> ICMP Unreachable probe] #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 20 icmp_unreach_reply_ttl = <64 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 0 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 16384 tcp_syn_ack_options_order = "MSS" tcp_syn_ack_wscale = NONE tcp_syn_ack_tsval = NONE tcp_syn_ack_tsecr = NONE #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 1 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <64 } fingerprint { OS_ID = "Foundry Networks IronWare Version 07.5.04T53" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 14 July 2003 #Modified: 14 July 2003 #Module A [ICMP ECHO Probe] icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 0 icmp_echo_reply_ttl = <64 #Module B [ICMP Timestamp Probe] icmp_timestamp_reply = n icmp_timestamp_reply_ttl = <64 icmp_timestamp_reply_ip_id = !0 #Module C [ICMP Address Mask Request Probe] icmp_addrmask_reply = y icmp_addrmask_reply_ttl = <64 icmp_addrmask_reply_ip_id = !0 #Module D [ICMP Information Request Probe] icmp_info_reply = n icmp_info_reply_ttl = <64 icmp_info_reply_ip_id = !0 #Module E [UDP -> ICMP Unreachable probe] #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <64 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 0 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 16384 tcp_syn_ack_options_order = "MSS" tcp_syn_ack_wscale = NONE tcp_syn_ack_tsval = NONE tcp_syn_ack_tsecr = NONE #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 1 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <64 } fingerprint { OS_ID = "Foundry Networks IronWare Version 07.5.05KT53" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 14 July 2003 #Modified: 14 July 2003 #Module A [ICMP ECHO Probe] icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 0 icmp_echo_reply_ttl = <64 #Module B [ICMP Timestamp Probe] icmp_timestamp_reply = n icmp_timestamp_reply_ttl = <64 icmp_timestamp_reply_ip_id = !0 #Module C [ICMP Address Mask Request Probe] icmp_addrmask_reply = y icmp_addrmask_reply_ttl = <64 icmp_addrmask_reply_ip_id = !0 #Module D [ICMP Information Request Probe] icmp_info_reply = n icmp_info_reply_ttl = <64 icmp_info_reply_ip_id = !0 #Module E [UDP -> ICMP Unreachable probe] #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <64 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 0 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 16384 tcp_syn_ack_options_order = "MSS" tcp_syn_ack_wscale = NONE tcp_syn_ack_tsval = NONE tcp_syn_ack_tsecr = NONE #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 1 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <64 } fingerprint { OS_ID = "Foundry Networks IronWare 07.6.01BT51" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 14 July 2003 #Modified: 14 July 2003 #Module A [ICMP ECHO Probe] icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 0 icmp_echo_reply_ttl = <64 #Module B [ICMP Timestamp Probe] icmp_timestamp_reply = n icmp_timestamp_reply_ttl = <64 icmp_timestamp_reply_ip_id = !0 #Module C [ICMP Address Mask Request Probe] icmp_addrmask_reply = y icmp_addrmask_reply_ttl = <64 icmp_addrmask_reply_ip_id = !0 #Module D [ICMP Information Request Probe] icmp_info_reply = n icmp_info_reply_ttl = <64 icmp_info_reply_ip_id = !0 #Module E [UDP -> ICMP Unreachable probe] #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <64 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 0 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 16384 tcp_syn_ack_options_order = "MSS" tcp_syn_ack_wscale = NONE tcp_syn_ack_tsval = NONE tcp_syn_ack_tsecr = NONE #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 1 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <64 } fingerprint { OS_ID = "Foundry Networks IronWare 07.6.04aT51" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 12 February 2005 #Modified: - #Module A [ICMP ECHO Probe] icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 0 icmp_echo_reply_ttl = <64 #Module B [ICMP Timestamp Probe] icmp_timestamp_reply = n icmp_timestamp_reply_ttl = <64 icmp_timestamp_reply_ip_id = !0 #Module C [ICMP Address Mask Request Probe] icmp_addrmask_reply = y icmp_addrmask_reply_ttl = <64 icmp_addrmask_reply_ip_id = !0 #Module D [ICMP Information Request Probe] icmp_info_reply = n icmp_info_reply_ttl = <64 icmp_info_reply_ip_id = !0 #Module E [UDP -> ICMP Unreachable probe] #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <64 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 0 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 16384 tcp_syn_ack_options_order = "MSS" tcp_syn_ack_wscale = NONE tcp_syn_ack_tsval = NONE tcp_syn_ack_tsecr = NONE #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 1 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <64 } fingerprint { OS_ID = "Foundry Networks IronWare 07.7.01eT53" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 12 February 2005 #Modified: - #Module A [ICMP ECHO Probe] icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 0 icmp_echo_reply_ttl = <64 #Module B [ICMP Timestamp Probe] icmp_timestamp_reply = n icmp_timestamp_reply_ttl = <64 icmp_timestamp_reply_ip_id = !0 #Module C [ICMP Address Mask Request Probe] icmp_addrmask_reply = y icmp_addrmask_reply_ttl = <64 icmp_addrmask_reply_ip_id = !0 #Module D [ICMP Information Request Probe] icmp_info_reply = n icmp_info_reply_ttl = <64 icmp_info_reply_ip_id = !0 #Module E [UDP -> ICMP Unreachable probe] #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <64 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 0 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 16384 tcp_syn_ack_options_order = "MSS" tcp_syn_ack_wscale = NONE tcp_syn_ack_tsval = NONE tcp_syn_ack_tsecr = NONE #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 1 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <64 } #FreeBSD fingerprint { OS_ID = "FreeBSD 5.4" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 30 May 2005 #Modified: - #Module A [ICMP ECHO Probe] icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <64 #Module B [ICMP Timestamp Probe] icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <64 icmp_timestamp_reply_ip_id = !0 #Module C [ICMP Address Mask Request Probe] icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <64 icmp_addrmask_reply_ip_id = !0 #Module D [ICMP Information Request Probe] icmp_info_reply = n icmp_info_reply_ttl = <64 icmp_info_reply_ip_id = !0 #Module E [UDP -> ICMP Unreachable probe] #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <64 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 1 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = 0 icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN | ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 65535 tcp_syn_ack_options_order = "MSS NOP WSCALE NOP NOP TIMESTAMP NOP NOP SACK" tcp_syn_ack_wscale = 1 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 1 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <64 snmp_sysdescr = FreeBSD 5.4 } fingerprint { OS_ID = "FreeBSD 5.3" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 13 December 2004 #Modified: - #Module A [ICMP ECHO Probe] icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <64 #Module B [ICMP Timestamp Probe] icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <64 icmp_timestamp_reply_ip_id = !0 #Module C [ICMP Address Mask Request Probe] icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <64 icmp_addrmask_reply_ip_id = !0 #Module D [ICMP Information Request Probe] icmp_info_reply = n icmp_info_reply_ttl = <64 icmp_info_reply_ip_id = !0 #Module E [UDP -> ICMP Unreachable probe] #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <64 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 1 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = 0 icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN | ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 65535 tcp_syn_ack_options_order = "MSS NOP WSCALE NOP NOP TIMESTAMP NOP NOP SACK" tcp_syn_ack_wscale = 1 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 1 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <64 snmp_sysdescr = FreeBSD 5.3 } fingerprint { OS_ID = "FreeBSD 5.2.1" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 13 December 2004 #Modified: - #Module A [ICMP ECHO Probe] icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <64 #Module B [ICMP Timestamp Probe] icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <64 icmp_timestamp_reply_ip_id = !0 #Module C [ICMP Address Mask Request Probe] icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <64 icmp_addrmask_reply_ip_id = !0 #Module D [ICMP Information Request Probe] icmp_info_reply = n icmp_info_reply_ttl = <64 icmp_info_reply_ip_id = !0 #Module E [UDP -> ICMP Unreachable probe] #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <64 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 1 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = 0 icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN | ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 65535 tcp_syn_ack_options_order = "MSS NOP WSCALE NOP NOP TIMESTAMP" tcp_syn_ack_wscale = 1 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 1 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <64 snmp_sysdescr = FreeBSD 5.2.1 } fingerprint { OS_ID = "FreeBSD 5.2" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 13 December 2004 #Modified: - #Module A [ICMP ECHO Probe] icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <64 #Module B [ICMP Timestamp Probe] icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <64 icmp_timestamp_reply_ip_id = !0 #Module C [ICMP Address Mask Request Probe] icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <64 icmp_addrmask_reply_ip_id = !0 #Module D [ICMP Information Request Probe] icmp_info_reply = n icmp_info_reply_ttl = <64 icmp_info_reply_ip_id = !0 #Module E [UDP -> ICMP Unreachable probe] #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <64 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 1 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = 0 icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN | ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 65535 tcp_syn_ack_options_order = "MSS NOP WSCALE NOP NOP TIMESTAMP" tcp_syn_ack_wscale = 1 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 1 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <64 snmp_sysdescr = FreeBSD 5.2 } fingerprint { OS_ID = "FreeBSD 5.1" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 25 June 2003 #Modified: 25 June 2003 #Module A [ICMP ECHO Probe] icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <64 #Module B [ICMP Timestamp Probe] icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <64 icmp_timestamp_reply_ip_id = !0 #Module C [ICMP Address Mask Request Probe] icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <64 icmp_addrmask_reply_ip_id = !0 #Module D [ICMP Information Request Probe] icmp_info_reply = n icmp_info_reply_ttl = <64 icmp_info_reply_ip_id = !0 #Module E [UDP -> ICMP Unreachable probe] #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <64 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 1 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = 0 icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN | ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 65535 tcp_syn_ack_options_order = "MSS NOP WSCALE NOP NOP TIMESTAMP" tcp_syn_ack_wscale = 1 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <64 snmp_sysdescr = FreeBSD 5.1 } fingerprint { OS_ID = "FreeBSD 5.0" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 5 April 2003 #Modified: 29 June 2003 #Module A icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <64 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <64 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <64 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <64 icmp_info_reply_ip_id = !0 #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <64 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 1 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = 0 icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN | ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 65535 tcp_syn_ack_options_order = "MSS NOP WSCALE NOP NOP TIMESTAMP" tcp_syn_ack_wscale = 1 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <64 snmp_sysdescr = FreeBSD 5.0 } fingerprint { OS_ID = "FreeBSD 4.11" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 30 May 2005 #Modified: #Module A icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <64 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <64 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <64 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <64 icmp_info_reply_ip_id = !0 #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <64 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 1 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = 0 icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN | ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 57344 tcp_syn_ack_options_order = "MSS NOP WSCALE NOP NOP TIMESTAMP" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <64 } fingerprint { OS_ID = "FreeBSD 4.10" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 13 December 2004 #Modified: #Module A icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <64 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <64 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <64 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <64 icmp_info_reply_ip_id = !0 #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <64 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 1 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = 0 icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN | ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 57344 tcp_syn_ack_options_order = "MSS NOP WSCALE NOP NOP TIMESTAMP" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <64 } fingerprint { OS_ID = "FreeBSD 4.9" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 13 December 2004 #Modified: #Module A icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <64 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <64 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <64 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <64 icmp_info_reply_ip_id = !0 #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <64 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 1 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = 0 icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN | ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 57344 tcp_syn_ack_options_order = "MSS NOP WSCALE NOP NOP TIMESTAMP" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <64 } fingerprint { OS_ID = "FreeBSD 4.8" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 5 April 2003 #Modified: 29 June 2003 #Module A icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <64 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <64 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <64 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <64 icmp_info_reply_ip_id = !0 #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <64 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 1 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = 0 icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN | ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 57344 tcp_syn_ack_options_order = "MSS NOP WSCALE NOP NOP TIMESTAMP" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <64 } fingerprint { OS_ID = "FreeBSD 4.7" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 5 April 2003 #Modified: 29 June 2003 #Module A icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <64 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <64 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <64 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <64 icmp_info_reply_ip_id = !0 #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <64 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 1 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = 0 icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN | ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 57344 tcp_syn_ack_options_order = "MSS NOP WSCALE NOP NOP TIMESTAMP" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <64 } fingerprint { OS_ID = "FreeBSD 4.6.2" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 25 June 2003 #Modified: 25 June 2003 #Module A [ICMP ECHO Probe] icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <64 #Module B [ICMP Timestamp Probe] icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <64 icmp_timestamp_reply_ip_id = !0 #Module C [ICMP Address Mask Request Probe] icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <64 icmp_addrmask_reply_ip_id = !0 #Module D [ICMP Information Request Probe] icmp_info_reply = n icmp_info_reply_ttl = <64 icmp_info_reply_ip_id = !0 #Module E [UDP -> ICMP Unreachable probe] #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <64 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 1 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = 0 icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN | ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 0 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 57344 tcp_syn_ack_options_order = "MSS NOP WSCALE NOP NOP TIMESTAMP" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <64 } fingerprint { OS_ID = "FreeBSD 4.6" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 11 August 2002 #Modified: 20 March 2003 #Module A icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <64 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <64 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <64 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <64 icmp_info_reply_ip_id = !0 #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <64 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 1 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = 0 icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN | ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 0 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 57344 tcp_syn_ack_options_order = "MSS NOP WSCALE NOP NOP TIMESTAMP" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <64 } fingerprint { OS_ID = "FreeBSD 4.5" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 29 July 2002 #Modified: 20 March 2003 #Module A icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <64 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <64 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <64 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <64 icmp_info_reply_ip_id = !0 #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <64 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 1 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = 0 icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN | ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 0 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 65535 tcp_syn_ack_options_order = "MSS NOP WSCALE NOP NOP TIMESTAMP" tcp_syn_ack_wscale = 1 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <64 } fingerprint { OS_ID = "FreeBSD 4.4" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 11 August 2002 #Modified: 20 March 2003 #Module A icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <64 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <64 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <64 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <64 icmp_info_reply_ip_id = !0 #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <64 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 1 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = 0 icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN | ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 17376 tcp_syn_ack_options_order = "MSS NOP WSCALE NOP NOP TIMESTAMP" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <64 } fingerprint { OS_ID = "FreeBSD 4.3" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 11 August 2002 #Modified: 30 June 2003 #Module A icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <255 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <255 icmp_info_reply_ip_id = !0 #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 1 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = 0 icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN | ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 17520 tcp_syn_ack_options_order = "MSS" tcp_syn_ack_wscale = NONE tcp_syn_ack_tsval = NONE tcp_syn_ack_tsecr = NONE #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <64 } fingerprint { OS_ID = "FreeBSD 4.2" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 11 August 2002 #Modified: 05 July 2003 #Module A icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <255 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <255 icmp_info_reply_ip_id = !0 #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 1 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = 0 icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN | ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 17520 tcp_syn_ack_options_order = "MSS" tcp_syn_ack_wscale = NONE tcp_syn_ack_tsval = NONE tcp_syn_ack_tsecr = NONE #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <64 } fingerprint { OS_ID = "FreeBSD 4.1.1" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 11 August 2002 #Modified: 30 June 2003 #Module A icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <255 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <255 icmp_info_reply_ip_id = !0 #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 1 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = 0 icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN | ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 17520 tcp_syn_ack_options_order = "MSS" tcp_syn_ack_wscale = NONE tcp_syn_ack_tsval = NONE tcp_syn_ack_tsecr = NONE #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <64 } fingerprint { OS_ID = "FreeBSD 4.0" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 29 July 2002 #Modified: 20 March 2003 #Module A icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <255 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <255 icmp_info_reply_ip_id = !0 #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 1 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = 0 icmp_unreach_echoed_ip_cksum = BAD icmp_unreach_echoed_ip_id = FLIPPED icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = FLIPPED #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN | ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 17520 tcp_syn_ack_options_order = "MSS" tcp_syn_ack_wscale = NONE tcp_syn_ack_tsval = NONE tcp_syn_ack_tsecr = NONE #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <64 } fingerprint { OS_ID = "FreeBSD 3.5.1" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 11 July 2003 #Modified: 11 July 2003 #Module A icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <255 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <255 icmp_info_reply_ip_id = !0 #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 1 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = 0 icmp_unreach_echoed_ip_cksum = BAD icmp_unreach_echoed_ip_id = FLIPPED icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = FLIPPED #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN | ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 17520 tcp_syn_ack_options_order = "MSS" tcp_syn_ack_wscale = NONE tcp_syn_ack_tsval = NONE tcp_syn_ack_tsecr = NONE #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <64 } fingerprint { OS_ID = "FreeBSD 3.4" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 29 July 2002 #Modified: 29 June 2003 #Module A icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <255 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <255 icmp_info_reply_ip_id = !0 #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 1 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = 0 icmp_unreach_echoed_ip_cksum = BAD icmp_unreach_echoed_ip_id = FLIPPED icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = FLIPPED #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN | ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 17520 tcp_syn_ack_options_order = "MSS" tcp_syn_ack_wscale = NONE tcp_syn_ack_tsval = NONE tcp_syn_ack_tsecr = NONE #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <64 } fingerprint { OS_ID = "FreeBSD 3.3" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 11 August 2002 #Modified: 11 July 2003 #Module A icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <255 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <255 icmp_info_reply_ip_id = !0 #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 1 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = 0 icmp_unreach_echoed_ip_cksum = BAD icmp_unreach_echoed_ip_id = FLIPPED icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = FLIPPED #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN | ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 17520 tcp_syn_ack_options_order = "MSS" tcp_syn_ack_wscale = NONE tcp_syn_ack_tsval = NONE tcp_syn_ack_tsecr = NONE #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <64 } fingerprint { OS_ID = "FreeBSD 3.2" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 11 August 2002 #Modified: 11 July 2003 #Module A icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <255 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <255 icmp_info_reply_ip_id = !0 #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 1 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = 0 icmp_unreach_echoed_ip_cksum = BAD icmp_unreach_echoed_ip_id = FLIPPED icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = FLIPPED #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN | ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 17520 tcp_syn_ack_options_order = "MSS" tcp_syn_ack_wscale = NONE tcp_syn_ack_tsval = NONE tcp_syn_ack_tsecr = NONE #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <64 } fingerprint { OS_ID = "FreeBSD 3.1" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 11 August 2002 #Modified: 11 July 2003 #Module A icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <255 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <255 icmp_info_reply_ip_id = !0 #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 1 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = 0 icmp_unreach_echoed_ip_cksum = BAD icmp_unreach_echoed_ip_id = FLIPPED icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = FLIPPED #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN | ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 17520 tcp_syn_ack_options_order = "MSS" tcp_syn_ack_wscale = NONE tcp_syn_ack_tsval = NONE tcp_syn_ack_tsecr = NONE #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <64 } fingerprint { OS_ID = "FreeBSD 2.2.8" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 11 August 2002 #Modified: 11 July 2003 #Module A icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <255 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <255 icmp_info_reply_ip_id = !0 #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 1 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = 0 icmp_unreach_echoed_ip_cksum = BAD icmp_unreach_echoed_ip_id = FLIPPED icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = FLIPPED #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN | ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 17376 tcp_syn_ack_options_order = "MSS NOP WSCALE NOP NOP TIMESTAMP" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <64 } fingerprint { OS_ID = "FreeBSD 2.2.7" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 11 August 2002 #Modified: 11 July 2003 #Module A icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <255 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <255 icmp_info_reply_ip_id = !0 #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 1 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = 0 icmp_unreach_echoed_ip_cksum = BAD icmp_unreach_echoed_ip_id = FLIPPED icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = FLIPPED #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN | ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 17376 tcp_syn_ack_options_order = "MSS NOP WSCALE NOP NOP TIMESTAMP" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <64 } #HP fingerprint { OS_ID = "HP UX 11.0x" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 14 July 2003 #Modified: 14 July 2003 #Module A icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <255 #Module B icmp_timestamp_reply = n icmp_timestamp_reply_ttl = <255 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <255 icmp_info_reply_ip_id = !0 #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 64 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 1 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN | ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 32768 tcp_syn_ack_options_order = "MSS NOP NOP SACK WSCALE NOP NOP NOP TIMESTAMP" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 1 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <64 } fingerprint { OS_ID = "HP UX 11.0" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 11 August 2002 #Modified: 1 July 2003 #Module A icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <255 #Module B icmp_timestamp_reply = n icmp_timestamp_reply_ttl = <255 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = y icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <255 icmp_info_reply_ip_id = !0 #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 64 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 1 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN | ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 32768 tcp_syn_ack_options_order = "MSS NOP NOP SACK WSCALE NOP NOP NOP TIMESTAMP" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 1 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <64 } fingerprint { OS_ID = "HP JetDirect ROM A.03.17 EEPROM A.04.09" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 04 July 2003 #Modified: 04 July 2003 #Module A [ICMP ECHO Probe] icmp_echo_reply = y icmp_echo_code = 0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = 0 icmp_echo_df_bit = 0 icmp_echo_reply_ttl = <60 #Module B [ICMP Timestamp Probe] icmp_timestamp_reply = n icmp_timestamp_reply_ttl = <60 icmp_timestamp_reply_ip_id = !0 #Module C [ICMP Address Mask Request Probe] icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <60 icmp_addrmask_reply_ip_id = !0 #Module D [ICMP Information Request Probe] icmp_info_reply = n icmp_info_reply_ttl = <60 icmp_info_reply_ip_id = !0 #Module E [UDP -> ICMP Unreachable probe] #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <60 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = 0 icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 0 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <60 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 5840 tcp_syn_ack_options_order = "MSS" tcp_syn_ack_wscale = NONE tcp_syn_ack_tsval = NONE tcp_syn_ack_tsecr = NONE #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <60 } fingerprint { OS_ID = "HP JetDirect ROM A.05.03 EEPROM A.05.05" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 04 July 2003 #Modified: 04 July 2003 #Module A [ICMP ECHO Probe] icmp_echo_reply = y icmp_echo_code = 0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = 0 icmp_echo_df_bit = 0 icmp_echo_reply_ttl = <60 #Module B [ICMP Timestamp Probe] icmp_timestamp_reply = n icmp_timestamp_reply_ttl = <60 icmp_timestamp_reply_ip_id = !0 #Module C [ICMP Address Mask Request Probe] icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <60 icmp_addrmask_reply_ip_id = !0 #Module D [ICMP Information Request Probe] icmp_info_reply = n icmp_info_reply_ttl = <60 icmp_info_reply_ip_id = !0 #Module E [UDP -> ICMP Unreachable probe] #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <60 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = 0 icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 0 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <60 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 5840 tcp_syn_ack_options_order = "MSS" tcp_syn_ack_wscale = NONE tcp_syn_ack_tsval = NONE tcp_syn_ack_tsecr = NONE #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <60 } fingerprint { OS_ID = "HP JetDirect ROM F.08.01 EEPROM F.08.05" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 12 February 2005 #Modified: - #Module A [ICMP ECHO Probe] icmp_echo_reply = y icmp_echo_code = 0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = 0 icmp_echo_df_bit = 0 icmp_echo_reply_ttl = <60 #Module B [ICMP Timestamp Probe] icmp_timestamp_reply = n icmp_timestamp_reply_ttl = <60 icmp_timestamp_reply_ip_id = !0 #Module C [ICMP Address Mask Request Probe] icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <60 icmp_addrmask_reply_ip_id = !0 #Module D [ICMP Information Request Probe] icmp_info_reply = n icmp_info_reply_ttl = <60 icmp_info_reply_ip_id = !0 #Module E [UDP -> ICMP Unreachable probe] #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <60 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 0 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <60 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 5840 tcp_syn_ack_options_order = "MSS" tcp_syn_ack_wscale = NONE tcp_syn_ack_tsval = NONE tcp_syn_ack_tsecr = NONE #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <60 } fingerprint { OS_ID = "HP JetDirect ROM F.08.08 EEPROM F.08.05" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 12 February 2005 #Modified: - #Module A [ICMP ECHO Probe] icmp_echo_reply = y icmp_echo_code = 0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = 0 icmp_echo_df_bit = 0 icmp_echo_reply_ttl = <60 #Module B [ICMP Timestamp Probe] icmp_timestamp_reply = n icmp_timestamp_reply_ttl = <60 icmp_timestamp_reply_ip_id = !0 #Module C [ICMP Address Mask Request Probe] icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <60 icmp_addrmask_reply_ip_id = !0 #Module D [ICMP Information Request Probe] icmp_info_reply = n icmp_info_reply_ttl = <60 icmp_info_reply_ip_id = !0 #Module E [UDP -> ICMP Unreachable probe] #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <60 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 0 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <60 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 5840 tcp_syn_ack_options_order = "MSS" tcp_syn_ack_wscale = NONE tcp_syn_ack_tsval = NONE tcp_syn_ack_tsecr = NONE #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <60 } fingerprint { OS_ID = "HP JetDirect ROM F.08.08 EEPROM F.08.20" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 12 February 2005 #Modified: - #Module A [ICMP ECHO Probe] icmp_echo_reply = y icmp_echo_code = 0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = 0 icmp_echo_df_bit = 0 icmp_echo_reply_ttl = <60 #Module B [ICMP Timestamp Probe] icmp_timestamp_reply = n icmp_timestamp_reply_ttl = <60 icmp_timestamp_reply_ip_id = !0 #Module C [ICMP Address Mask Request Probe] icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <60 icmp_addrmask_reply_ip_id = !0 #Module D [ICMP Information Request Probe] icmp_info_reply = n icmp_info_reply_ttl = <60 icmp_info_reply_ip_id = !0 #Module E [UDP -> ICMP Unreachable probe] #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <60 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 0 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <60 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 5840 tcp_syn_ack_options_order = "MSS" tcp_syn_ack_wscale = NONE tcp_syn_ack_tsval = NONE tcp_syn_ack_tsecr = NONE #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <60 } fingerprint { OS_ID = "HP JetDirect ROM G.05.34 EEPROM G.05.35" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 04 July 2003 #Modified: 04 July 2003 #Module A [ICMP ECHO Probe] icmp_echo_reply = y icmp_echo_code = 0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = 0 icmp_echo_df_bit = 0 icmp_echo_reply_ttl = <60 #Module B [ICMP Timestamp Probe] icmp_timestamp_reply = n icmp_timestamp_reply_ttl = <60 icmp_timestamp_reply_ip_id = !0 #Module C [ICMP Address Mask Request Probe] icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <60 icmp_addrmask_reply_ip_id = !0 #Module D [ICMP Information Request Probe] icmp_info_reply = n icmp_info_reply_ttl = <60 icmp_info_reply_ip_id = !0 #Module E [UDP -> ICMP Unreachable probe] #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <60 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = 0 icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 0 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <60 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 5840 tcp_syn_ack_options_order = "MSS" tcp_syn_ack_wscale = NONE tcp_syn_ack_tsval = NONE tcp_syn_ack_tsecr = NONE #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <60 } fingerprint { OS_ID = "HP JetDirect ROM G.06.00 EEPROM G.06.00" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 12 February 2005 #Modified: - #Module A [ICMP ECHO Probe] icmp_echo_reply = y icmp_echo_code = 0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = 0 icmp_echo_df_bit = 0 icmp_echo_reply_ttl = <60 #Module B [ICMP Timestamp Probe] icmp_timestamp_reply = n icmp_timestamp_reply_ttl = <60 icmp_timestamp_reply_ip_id = !0 #Module C [ICMP Address Mask Request Probe] icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <60 icmp_addrmask_reply_ip_id = !0 #Module D [ICMP Information Request Probe] icmp_info_reply = n icmp_info_reply_ttl = <60 icmp_info_reply_ip_id = !0 #Module E [UDP -> ICMP Unreachable probe] #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <60 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 0 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <60 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 5840 tcp_syn_ack_options_order = "MSS" tcp_syn_ack_wscale = NONE tcp_syn_ack_tsval = NONE tcp_syn_ack_tsecr = NONE #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <60 } fingerprint { OS_ID = "HP JetDirect ROM G.07.02 EEPROM G.07.17" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 12 February 2005 #Modified: - #Module A [ICMP ECHO Probe] icmp_echo_reply = y icmp_echo_code = 0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = 0 icmp_echo_df_bit = 0 icmp_echo_reply_ttl = <60 #Module B [ICMP Timestamp Probe] icmp_timestamp_reply = n icmp_timestamp_reply_ttl = <60 icmp_timestamp_reply_ip_id = !0 #Module C [ICMP Address Mask Request Probe] icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <60 icmp_addrmask_reply_ip_id = !0 #Module D [ICMP Information Request Probe] icmp_info_reply = n icmp_info_reply_ttl = <60 icmp_info_reply_ip_id = !0 #Module E [UDP -> ICMP Unreachable probe] #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <60 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 0 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <60 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 5840 tcp_syn_ack_options_order = "MSS" tcp_syn_ack_wscale = NONE tcp_syn_ack_tsval = NONE tcp_syn_ack_tsecr = NONE #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <60 } fingerprint { OS_ID = "HP JetDirect ROM G.07.02 EEPROM G.07.20" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 04 July 2003 #Modified: 04 July 2003 #Module A [ICMP ECHO Probe] icmp_echo_reply = y icmp_echo_code = 0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = 0 icmp_echo_df_bit = 0 icmp_echo_reply_ttl = <60 #Module B [ICMP Timestamp Probe] icmp_timestamp_reply = n icmp_timestamp_reply_ttl = <60 icmp_timestamp_reply_ip_id = !0 #Module C [ICMP Address Mask Request Probe] icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <60 icmp_addrmask_reply_ip_id = !0 #Module D [ICMP Information Request Probe] icmp_info_reply = n icmp_info_reply_ttl = <60 icmp_info_reply_ip_id = !0 #Module E [UDP -> ICMP Unreachable probe] #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <60 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 0 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <60 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 5840 tcp_syn_ack_options_order = "MSS" tcp_syn_ack_wscale = NONE tcp_syn_ack_tsval = NONE tcp_syn_ack_tsecr = NONE #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <60 } fingerprint { OS_ID = "HP JetDirect ROM G.07.02 EEPROM G.08.04" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 12 February 2005 #Modified: - #Module A [ICMP ECHO Probe] icmp_echo_reply = y icmp_echo_code = 0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = 0 icmp_echo_df_bit = 0 icmp_echo_reply_ttl = <60 #Module B [ICMP Timestamp Probe] icmp_timestamp_reply = n icmp_timestamp_reply_ttl = <60 icmp_timestamp_reply_ip_id = !0 #Module C [ICMP Address Mask Request Probe] icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <60 icmp_addrmask_reply_ip_id = !0 #Module D [ICMP Information Request Probe] icmp_info_reply = n icmp_info_reply_ttl = <60 icmp_info_reply_ip_id = !0 #Module E [UDP -> ICMP Unreachable probe] #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <60 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 0 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <60 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 5840 tcp_syn_ack_options_order = "MSS" tcp_syn_ack_wscale = NONE tcp_syn_ack_tsval = NONE tcp_syn_ack_tsecr = NONE #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <60 } fingerprint { OS_ID = "HP JetDirect ROM G.07.19 EEPROM G.07.20" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 04 July 2003 #Modified: 04 July 2003 #Module A [ICMP ECHO Probe] icmp_echo_reply = y icmp_echo_code = 0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = 0 icmp_echo_df_bit = 0 icmp_echo_reply_ttl = <60 #Module B [ICMP Timestamp Probe] icmp_timestamp_reply = n icmp_timestamp_reply_ttl = <60 icmp_timestamp_reply_ip_id = !0 #Module C [ICMP Address Mask Request Probe] icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <60 icmp_addrmask_reply_ip_id = !0 #Module D [ICMP Information Request Probe] icmp_info_reply = n icmp_info_reply_ttl = <60 icmp_info_reply_ip_id = !0 #Module E [UDP -> ICMP Unreachable probe] #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <60 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 0 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <60 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 5840 tcp_syn_ack_options_order = "MSS" tcp_syn_ack_wscale = NONE tcp_syn_ack_tsval = NONE tcp_syn_ack_tsecr = NONE #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <60 } fingerprint { OS_ID = "HP JetDirect ROM G.07.19 EEPROM G.08.03" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 04 July 2003 #Modified: 04 July 2003 #Module A [ICMP ECHO Probe] icmp_echo_reply = y icmp_echo_code = 0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = 0 icmp_echo_df_bit = 0 icmp_echo_reply_ttl = <60 #Module B [ICMP Timestamp Probe] icmp_timestamp_reply = n icmp_timestamp_reply_ttl = <60 icmp_timestamp_reply_ip_id = !0 #Module C [ICMP Address Mask Request Probe] icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <60 icmp_addrmask_reply_ip_id = !0 #Module D [ICMP Information Request Probe] icmp_info_reply = n icmp_info_reply_ttl = <60 icmp_info_reply_ip_id = !0 #Module E [UDP -> ICMP Unreachable probe] #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <60 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 0 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <60 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 5840 tcp_syn_ack_options_order = "MSS" tcp_syn_ack_wscale = NONE tcp_syn_ack_tsval = NONE tcp_syn_ack_tsecr = NONE #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <60 } fingerprint { OS_ID = "HP JetDirect ROM G.07.19 EEPROM G.08.04" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 12 February 2005 #Modified: - #Module A [ICMP ECHO Probe] icmp_echo_reply = y icmp_echo_code = 0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = 0 icmp_echo_df_bit = 0 icmp_echo_reply_ttl = <60 #Module B [ICMP Timestamp Probe] icmp_timestamp_reply = n icmp_timestamp_reply_ttl = <60 icmp_timestamp_reply_ip_id = !0 #Module C [ICMP Address Mask Request Probe] icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <60 icmp_addrmask_reply_ip_id = !0 #Module D [ICMP Information Request Probe] icmp_info_reply = n icmp_info_reply_ttl = <60 icmp_info_reply_ip_id = !0 #Module E [UDP -> ICMP Unreachable probe] #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <60 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 0 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <60 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 5840 tcp_syn_ack_options_order = "MSS" tcp_syn_ack_wscale = NONE tcp_syn_ack_tsval = NONE tcp_syn_ack_tsecr = NONE #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <60 } fingerprint { OS_ID = "HP JetDirect ROM G.08.08 EEPROM G.08.04" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 04 July 2003 #Modified: 04 July 2003 #Module A [ICMP ECHO Probe] icmp_echo_reply = y icmp_echo_code = 0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = 0 icmp_echo_df_bit = 0 icmp_echo_reply_ttl = <60 #Module B [ICMP Timestamp Probe] icmp_timestamp_reply = n icmp_timestamp_reply_ttl = <60 icmp_timestamp_reply_ip_id = !0 #Module C [ICMP Address Mask Request Probe] icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <60 icmp_addrmask_reply_ip_id = !0 #Module D [ICMP Information Request Probe] icmp_info_reply = n icmp_info_reply_ttl = <60 icmp_info_reply_ip_id = !0 #Module E [UDP -> ICMP Unreachable probe] #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <60 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 0 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <60 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 5840 tcp_syn_ack_options_order = "MSS" tcp_syn_ack_wscale = NONE tcp_syn_ack_tsval = NONE tcp_syn_ack_tsecr = NONE #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <60 } fingerprint { OS_ID = "HP JetDirect ROM G.08.21 EEPROM G.08.21" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 04 July 2003 #Modified: 04 July 2003 #Module A [ICMP ECHO Probe] icmp_echo_reply = y icmp_echo_code = 0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = 0 icmp_echo_df_bit = 0 icmp_echo_reply_ttl = <60 #Module B [ICMP Timestamp Probe] icmp_timestamp_reply = n icmp_timestamp_reply_ttl = <60 icmp_timestamp_reply_ip_id = !0 #Module C [ICMP Address Mask Request Probe] icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <60 icmp_addrmask_reply_ip_id = !0 #Module D [ICMP Information Request Probe] icmp_info_reply = n icmp_info_reply_ttl = <60 icmp_info_reply_ip_id = !0 #Module E [UDP -> ICMP Unreachable probe] #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <60 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 0 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <60 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 5840 tcp_syn_ack_options_order = "MSS" tcp_syn_ack_wscale = NONE tcp_syn_ack_tsval = NONE tcp_syn_ack_tsecr = NONE #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <60 } fingerprint { OS_ID = "HP JetDirect ROM H.07.15 EEPROM H.08.20" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 04 July 2003 #Modified: 04 July 2003 #Module A [ICMP ECHO Probe] icmp_echo_reply = y icmp_echo_code = 0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = 0 icmp_echo_df_bit = 0 icmp_echo_reply_ttl = <60 #Module B [ICMP Timestamp Probe] icmp_timestamp_reply = n icmp_timestamp_reply_ttl = <60 icmp_timestamp_reply_ip_id = !0 #Module C [ICMP Address Mask Request Probe] icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <60 icmp_addrmask_reply_ip_id = !0 #Module D [ICMP Information Request Probe] icmp_info_reply = n icmp_info_reply_ttl = <60 icmp_info_reply_ip_id = !0 #Module E [UDP -> ICMP Unreachable probe] #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <60 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 0 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <60 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 5840 tcp_syn_ack_options_order = "MSS" tcp_syn_ack_wscale = NONE tcp_syn_ack_tsval = NONE tcp_syn_ack_tsecr = NONE #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <60 } fingerprint { OS_ID = "HP JetDirect ROM L.20.07 EEPROM L.20.24" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 04 July 2003 #Modified: 04 July 2003 #Module A [ICMP ECHO Probe] icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <64 #Module B [ICMP Timestamp Probe] icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <64 icmp_timestamp_reply_ip_id = !0 #Module C [ICMP Address Mask Request Probe] icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <64 icmp_addrmask_reply_ip_id = !0 #Module D [ICMP Information Request Probe] icmp_info_reply = n icmp_info_reply_ttl = <64 icmp_info_reply_ip_id = !0 #Module E [UDP -> ICMP Unreachable probe] #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <64 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 1 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = 0 icmp_unreach_echoed_ip_cksum = 0 icmp_unreach_echoed_ip_id = FLIPPED icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = FLIPPED #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 0 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 11680 tcp_syn_ack_options_order = "MSS NOP WSCALE" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = NONE tcp_syn_ack_tsecr = NONE #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <64 } fingerprint { OS_ID = "HP JetDirect ROM R.22.01 EEPROM L.24.08" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 12 February 2005 #Modified: - #Module A [ICMP ECHO Probe] icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <64 #Module B [ICMP Timestamp Probe] icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <64 icmp_timestamp_reply_ip_id = !0 #Module C [ICMP Address Mask Request Probe] icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <64 icmp_addrmask_reply_ip_id = !0 #Module D [ICMP Information Request Probe] icmp_info_reply = n icmp_info_reply_ttl = <64 icmp_info_reply_ip_id = !0 #Module E [UDP -> ICMP Unreachable probe] #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <64 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 1 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = 0 icmp_unreach_echoed_ip_cksum = 0 icmp_unreach_echoed_ip_id = FLIPPED icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = FLIPPED #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 0 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 5840 tcp_syn_ack_options_order = "MSS NOP WSCALE NOP NOP TIMESTAMP" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <64 } #Linux fingerprint { OS_ID = "Linux Kernel 2.6.11" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry Contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 4 January 2005 #Modified: - #Module A icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 0 icmp_echo_reply_ttl = <64 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <64 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <64 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <64 icmp_info_reply_ip_id = !0 #Module E icmp_unreach_reply = y icmp_unreach_echoed_dtsize = >64 icmp_unreach_reply_ttl = <64 icmp_unreach_precedence_bits = 0xc0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = 0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 5792 tcp_syn_ack_options_order = "MSS SACK TIMESTAMP NOP WSCALE" tcp_syn_ack_wscale = 2 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 1 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <64 } fingerprint { OS_ID = "Linux Kernel 2.6.10" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry Contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 4 January 2005 #Modified: - #Module A icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 0 icmp_echo_reply_ttl = <64 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <64 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <64 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <64 icmp_info_reply_ip_id = !0 #Module E icmp_unreach_reply = y icmp_unreach_echoed_dtsize = >64 icmp_unreach_reply_ttl = <64 icmp_unreach_precedence_bits = 0xc0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = 0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 5792 tcp_syn_ack_options_order = "MSS SACK TIMESTAMP NOP WSCALE" tcp_syn_ack_wscale = 2 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 1 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <64 } fingerprint { OS_ID = "Linux Kernel 2.6.9" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry Contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 14 December 2004 #Modified: - #Module A icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 0 icmp_echo_reply_ttl = <64 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <64 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <64 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <64 icmp_info_reply_ip_id = !0 #Module E icmp_unreach_reply = y icmp_unreach_echoed_dtsize = >64 icmp_unreach_reply_ttl = <64 icmp_unreach_precedence_bits = 0xc0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = 0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 5792 tcp_syn_ack_options_order = "MSS SACK TIMESTAMP NOP WSCALE" tcp_syn_ack_wscale = 2 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 1 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <64 } fingerprint { OS_ID = "Linux Kernel 2.6.8" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry Contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 14 December 2004 #Modified: - #Module A icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 0 icmp_echo_reply_ttl = <64 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <64 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <64 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <64 icmp_info_reply_ip_id = !0 #Module E icmp_unreach_reply = y icmp_unreach_echoed_dtsize = >64 icmp_unreach_reply_ttl = <64 icmp_unreach_precedence_bits = 0xc0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = 0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 5792 tcp_syn_ack_options_order = "MSS SACK TIMESTAMP NOP WSCALE" tcp_syn_ack_wscale = 7 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 1 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <64 } fingerprint { OS_ID = "Linux Kernel 2.6.7" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry Contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 14 December 2004 #Modified: - #Module A icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 0 icmp_echo_reply_ttl = <64 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <64 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <64 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <64 icmp_info_reply_ip_id = !0 #Module E icmp_unreach_reply = y icmp_unreach_echoed_dtsize = >64 icmp_unreach_reply_ttl = <64 icmp_unreach_precedence_bits = 0xc0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = 0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 5792 tcp_syn_ack_options_order = "MSS SACK TIMESTAMP NOP WSCALE" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 1 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <64 } fingerprint { OS_ID = "Linux Kernel 2.6.6" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry Contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 14 December 2004 #Modified: - #Module A icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 0 icmp_echo_reply_ttl = <64 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <64 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <64 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <64 icmp_info_reply_ip_id = !0 #Module E icmp_unreach_reply = y icmp_unreach_echoed_dtsize = >64 icmp_unreach_reply_ttl = <64 icmp_unreach_precedence_bits = 0xc0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = 0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 5792 tcp_syn_ack_options_order = "MSS SACK TIMESTAMP NOP WSCALE" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 1 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <64 } fingerprint { OS_ID = "Linux Kernel 2.6.5" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry Contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 14 December 2004 #Modified: - #Module A icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 0 icmp_echo_reply_ttl = <64 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <64 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <64 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <64 icmp_info_reply_ip_id = !0 #Module E icmp_unreach_reply = y icmp_unreach_echoed_dtsize = >64 icmp_unreach_reply_ttl = <64 icmp_unreach_precedence_bits = 0xc0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = 0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 5792 tcp_syn_ack_options_order = "MSS SACK TIMESTAMP NOP WSCALE" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 1 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <64 } fingerprint { OS_ID = "Linux Kernel 2.6.4" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry Contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 14 December 2004 #Modified: - #Module A icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 0 icmp_echo_reply_ttl = <64 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <64 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <64 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <64 icmp_info_reply_ip_id = !0 #Module E icmp_unreach_reply = y icmp_unreach_echoed_dtsize = >64 icmp_unreach_reply_ttl = <64 icmp_unreach_precedence_bits = 0xc0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = 0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 5792 tcp_syn_ack_options_order = "MSS SACK TIMESTAMP NOP WSCALE" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 1 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <64 } fingerprint { OS_ID = "Linux Kernel 2.6.3" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry Contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 14 December 2004 #Modified: - #Module A icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 0 icmp_echo_reply_ttl = <64 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <64 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <64 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <64 icmp_info_reply_ip_id = !0 #Module E icmp_unreach_reply = y icmp_unreach_echoed_dtsize = >64 icmp_unreach_reply_ttl = <64 icmp_unreach_precedence_bits = 0xc0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = 0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 5792 tcp_syn_ack_options_order = "MSS SACK TIMESTAMP NOP WSCALE" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 1 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <64 } fingerprint { OS_ID = "Linux Kernel 2.6.2" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry Contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 14 December 2004 #Modified: - #Module A icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 0 icmp_echo_reply_ttl = <64 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <64 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <64 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <64 icmp_info_reply_ip_id = !0 #Module E icmp_unreach_reply = y icmp_unreach_echoed_dtsize = >64 icmp_unreach_reply_ttl = <64 icmp_unreach_precedence_bits = 0xc0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = 0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 5792 tcp_syn_ack_options_order = "MSS SACK TIMESTAMP NOP WSCALE" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 1 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <64 } fingerprint { OS_ID = "Linux Kernel 2.6.1" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry Contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 14 December 2004 #Modified: - #Module A icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 0 icmp_echo_reply_ttl = <64 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <64 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <64 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <64 icmp_info_reply_ip_id = !0 #Module E icmp_unreach_reply = y icmp_unreach_echoed_dtsize = >64 icmp_unreach_reply_ttl = <64 icmp_unreach_precedence_bits = 0xc0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = 0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 5792 tcp_syn_ack_options_order = "MSS SACK TIMESTAMP NOP WSCALE" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 1 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <64 } fingerprint { OS_ID = "Linux Kernel 2.6.0" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry Contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 14 December 2004 #Modified: - #Module A icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 0 icmp_echo_reply_ttl = <64 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <64 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <64 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <64 icmp_info_reply_ip_id = !0 #Module E icmp_unreach_reply = y icmp_unreach_echoed_dtsize = >64 icmp_unreach_reply_ttl = <64 icmp_unreach_precedence_bits = 0xc0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = 0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 5792 tcp_syn_ack_options_order = "MSS SACK TIMESTAMP NOP WSCALE" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 1 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <64 } fingerprint { OS_ID = "Linux Kernel 2.4.30" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry Contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 30 May 2005 #Modified: #Module A icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 0 icmp_echo_reply_ttl = <64 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <64 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <64 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <64 icmp_info_reply_ip_id = !0 #Module E icmp_unreach_reply = y icmp_unreach_echoed_dtsize = >64 icmp_unreach_reply_ttl = <64 icmp_unreach_precedence_bits = 0xc0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = 0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 5792 tcp_syn_ack_options_order = "MSS SACK TIMESTAMP NOP WSCALE" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 1 tcp_rst_ip_id_1 = 0 tcp_rst_ip_id_2 = 0 tcp_rst_ip_id_strategy = 0 tcp_rst_ttl = <64 } fingerprint { OS_ID = "Linux Kernel 2.4.29" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry Contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 30 May 2005 #Modified: #Module A icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 0 icmp_echo_reply_ttl = <64 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <64 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <64 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <64 icmp_info_reply_ip_id = !0 #Module E icmp_unreach_reply = y icmp_unreach_echoed_dtsize = >64 icmp_unreach_reply_ttl = <64 icmp_unreach_precedence_bits = 0xc0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = 0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 5792 tcp_syn_ack_options_order = "MSS SACK TIMESTAMP NOP WSCALE" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 1 tcp_rst_ip_id_1 = 0 tcp_rst_ip_id_2 = 0 tcp_rst_ip_id_strategy = 0 tcp_rst_ttl = <64 } fingerprint { OS_ID = "Linux Kernel 2.4.28" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry Contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 14 December 2004 #Modified: #Module A icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 0 icmp_echo_reply_ttl = <64 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <64 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <64 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <64 icmp_info_reply_ip_id = !0 #Module E icmp_unreach_reply = y icmp_unreach_echoed_dtsize = >64 icmp_unreach_reply_ttl = <64 icmp_unreach_precedence_bits = 0xc0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = 0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 5792 tcp_syn_ack_options_order = "MSS SACK TIMESTAMP NOP WSCALE" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 1 tcp_rst_ip_id_1 = 0 tcp_rst_ip_id_2 = 0 tcp_rst_ip_id_strategy = 0 tcp_rst_ttl = <64 } fingerprint { OS_ID = "Linux Kernel 2.4.27" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry Contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 14 December 2004 #Modified: - #Module A icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 0 icmp_echo_reply_ttl = <64 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <64 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <64 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <64 icmp_info_reply_ip_id = !0 #Module E icmp_unreach_reply = y icmp_unreach_echoed_dtsize = >64 icmp_unreach_reply_ttl = <64 icmp_unreach_precedence_bits = 0xc0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = 0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 5792 tcp_syn_ack_options_order = "MSS SACK TIMESTAMP NOP WSCALE" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 1 tcp_rst_ip_id_1 = 0 tcp_rst_ip_id_2 = 0 tcp_rst_ip_id_strategy = 0 tcp_rst_ttl = <64 } fingerprint { OS_ID = "Linux Kernel 2.4.26" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry Contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 14 December 2004 #Modified: #Module A icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 0 icmp_echo_reply_ttl = <64 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <64 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <64 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <64 icmp_info_reply_ip_id = !0 #Module E icmp_unreach_reply = y icmp_unreach_echoed_dtsize = >64 icmp_unreach_reply_ttl = <64 icmp_unreach_precedence_bits = 0xc0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = 0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 5792 tcp_syn_ack_options_order = "MSS SACK TIMESTAMP NOP WSCALE" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 1 tcp_rst_ip_id_1 = 0 tcp_rst_ip_id_2 = 0 tcp_rst_ip_id_strategy = 0 tcp_rst_ttl = <64 } fingerprint { OS_ID = "Linux Kernel 2.4.25" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry Contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 14 December 2004 #Modified: #Module A icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 0 icmp_echo_reply_ttl = <64 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <64 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <64 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <64 icmp_info_reply_ip_id = !0 #Module E icmp_unreach_reply = y icmp_unreach_echoed_dtsize = >64 icmp_unreach_reply_ttl = <64 icmp_unreach_precedence_bits = 0xc0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = 0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 5792 tcp_syn_ack_options_order = "MSS SACK TIMESTAMP NOP WSCALE" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 1 tcp_rst_ip_id_1 = 0 tcp_rst_ip_id_2 = 0 tcp_rst_ip_id_strategy = 0 tcp_rst_ttl = <64 } fingerprint { OS_ID = "Linux Kernel 2.4.24" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry Contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 14 December 2004 #Modified: #Module A icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 0 icmp_echo_reply_ttl = <64 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <64 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <64 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <64 icmp_info_reply_ip_id = !0 #Module E icmp_unreach_reply = y icmp_unreach_echoed_dtsize = >64 icmp_unreach_reply_ttl = <64 icmp_unreach_precedence_bits = 0xc0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = 0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 5792 tcp_syn_ack_options_order = "MSS SACK TIMESTAMP NOP WSCALE" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 1 tcp_rst_ip_id_1 = 0 tcp_rst_ip_id_2 = 0 tcp_rst_ip_id_strategy = 0 tcp_rst_ttl = <64 } fingerprint { OS_ID = "Linux Kernel 2.4.23" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry Contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 14 December 2004 #Modified: #Module A icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 0 icmp_echo_reply_ttl = <64 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <64 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <64 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <64 icmp_info_reply_ip_id = !0 #Module E icmp_unreach_reply = y icmp_unreach_echoed_dtsize = >64 icmp_unreach_reply_ttl = <64 icmp_unreach_precedence_bits = 0xc0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = 0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 5792 tcp_syn_ack_options_order = "MSS SACK TIMESTAMP NOP WSCALE" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 1 tcp_rst_ip_id_1 = 0 tcp_rst_ip_id_2 = 0 tcp_rst_ip_id_strategy = 0 tcp_rst_ttl = <64 } fingerprint { OS_ID = "Linux Kernel 2.4.22" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry Contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 14 December 2004 #Modified: #Module A icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 0 icmp_echo_reply_ttl = <64 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <64 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <64 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <64 icmp_info_reply_ip_id = !0 #Module E icmp_unreach_reply = y icmp_unreach_echoed_dtsize = >64 icmp_unreach_reply_ttl = <64 icmp_unreach_precedence_bits = 0xc0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = 0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 5792 tcp_syn_ack_options_order = "MSS SACK TIMESTAMP NOP WSCALE" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 1 tcp_rst_ip_id_1 = 0 tcp_rst_ip_id_2 = 0 tcp_rst_ip_id_strategy = 0 tcp_rst_ttl = <64 } fingerprint { OS_ID = "Linux Kernel 2.4.21" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry Contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 20 July 2002 #Modified: 08 July 2003 #Module A icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 0 icmp_echo_reply_ttl = <64 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <64 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <64 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <64 icmp_info_reply_ip_id = !0 #Module E icmp_unreach_reply = y icmp_unreach_echoed_dtsize = >64 icmp_unreach_reply_ttl = <64 icmp_unreach_precedence_bits = 0xc0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = 0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 5792 tcp_syn_ack_options_order = "MSS SACK TIMESTAMP NOP WSCALE" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 1 tcp_rst_ip_id_1 = 0 tcp_rst_ip_id_2 = 0 tcp_rst_ip_id_strategy = 0 tcp_rst_ttl = <64 } fingerprint { OS_ID = "Linux Kernel 2.4.20" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry Contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 20 July 2002 #Modified: 08 July 2003 #Module A icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 0 icmp_echo_reply_ttl = <64 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <64 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <64 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <64 icmp_info_reply_ip_id = !0 #Module E icmp_unreach_reply = y icmp_unreach_echoed_dtsize = >64 icmp_unreach_reply_ttl = <64 icmp_unreach_precedence_bits = 0xc0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = 0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 5792 tcp_syn_ack_options_order = "MSS SACK TIMESTAMP NOP WSCALE" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 1 tcp_rst_ip_id_1 = 0 tcp_rst_ip_id_2 = 0 tcp_rst_ip_id_strategy = 0 tcp_rst_ttl = <64 } fingerprint { OS_ID = "Linux Kernel 2.4.19" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry Contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 20 July 2002 #Modified: 08 July 2003 #Module A icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 0 icmp_echo_reply_ttl = <64 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <64 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <64 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <64 icmp_info_reply_ip_id = !0 #Module E icmp_unreach_reply = y icmp_unreach_echoed_dtsize = >64 icmp_unreach_reply_ttl = <64 icmp_unreach_precedence_bits = 0xc0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = 0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 5792 tcp_syn_ack_options_order = "MSS SACK TIMESTAMP NOP WSCALE" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 1 tcp_rst_ip_id_1 = 0 tcp_rst_ip_id_2 = 0 tcp_rst_ip_id_strategy = 0 tcp_rst_ttl = <64 } fingerprint { OS_ID = "Linux Kernel 2.4.18" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry Contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 20 July 2002 #Modified: 08 July 2003 #Module A icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 0 icmp_echo_reply_ttl = <255 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <255 icmp_info_reply_ip_id = !0 #Module E icmp_unreach_reply = y icmp_unreach_echoed_dtsize = >64 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0xc0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = 0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 5792 tcp_syn_ack_options_order = "MSS SACK TIMESTAMP NOP WSCALE" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 1 tcp_rst_ip_id_1 = 0 tcp_rst_ip_id_2 = 0 tcp_rst_ip_id_strategy = 0 tcp_rst_ttl = <255 } fingerprint { OS_ID = "Linux Kernel 2.4.17" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry Contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 20 July 2002 #Modified: 08 July 2003 #Module A icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 0 icmp_echo_reply_ttl = <255 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <255 icmp_info_reply_ip_id = !0 #Module E icmp_unreach_reply = y icmp_unreach_echoed_dtsize = >64 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0xc0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = 0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 5792 tcp_syn_ack_options_order = "MSS SACK TIMESTAMP NOP WSCALE" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 1 tcp_rst_ip_id_1 = 0 tcp_rst_ip_id_2 = 0 tcp_rst_ip_id_strategy = 0 tcp_rst_ttl = <255 } fingerprint { OS_ID = "Linux Kernel 2.4.16" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry Contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 20 July 2002 #Modified: 08 July 2003 #Module A icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 0 icmp_echo_reply_ttl = <255 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <255 icmp_info_reply_ip_id = !0 #Module E icmp_unreach_reply = y icmp_unreach_echoed_dtsize = >64 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0xc0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = 0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 5792 tcp_syn_ack_options_order = "MSS SACK TIMESTAMP NOP WSCALE" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 1 tcp_rst_ip_id_1 = 0 tcp_rst_ip_id_2 = 0 tcp_rst_ip_id_strategy = 0 tcp_rst_ttl = <255 } fingerprint { OS_ID = "Linux Kernel 2.4.15" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry Contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 20 July 2002 #Modified: 08 July 2003 #Module A icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 0 icmp_echo_reply_ttl = <255 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <255 icmp_info_reply_ip_id = !0 #Module E icmp_unreach_reply = y icmp_unreach_echoed_dtsize = >64 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0xc0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = 0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 5792 tcp_syn_ack_options_order = "MSS SACK TIMESTAMP NOP WSCALE" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 1 tcp_rst_ip_id_1 = 0 tcp_rst_ip_id_2 = 0 tcp_rst_ip_id_strategy = 0 tcp_rst_ttl = <255 } fingerprint { OS_ID = "Linux Kernel 2.4.14" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry Contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 20 July 2002 #Modified: 08 July 2003 #Module A icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 0 icmp_echo_reply_ttl = <255 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <255 icmp_info_reply_ip_id = !0 #Module E icmp_unreach_reply = y icmp_unreach_echoed_dtsize = >64 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0xc0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = 0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 5792 tcp_syn_ack_options_order = "MSS SACK TIMESTAMP NOP WSCALE" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 1 tcp_rst_ip_id_1 = 0 tcp_rst_ip_id_2 = 0 tcp_rst_ip_id_strategy = 0 tcp_rst_ttl = <255 } fingerprint { OS_ID = "Linux Kernel 2.4.13" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry Contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 20 July 2002 #Modified: 08 July 2003 #Module A icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 0 icmp_echo_reply_ttl = <255 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <255 icmp_info_reply_ip_id = !0 #Module E icmp_unreach_reply = y icmp_unreach_echoed_dtsize = >64 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0xc0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = 0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 5792 tcp_syn_ack_options_order = "MSS SACK TIMESTAMP NOP WSCALE" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 1 tcp_rst_ip_id_1 = 0 tcp_rst_ip_id_2 = 0 tcp_rst_ip_id_strategy = 0 tcp_rst_ttl = <255 } fingerprint { OS_ID = "Linux Kernel 2.4.12" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry Contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 20 July 2002 #Modified: 08 July 2003 #Module A icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 0 icmp_echo_reply_ttl = <255 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <255 icmp_info_reply_ip_id = !0 #Module E icmp_unreach_reply = y icmp_unreach_echoed_dtsize = >64 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0xc0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = 0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 5792 tcp_syn_ack_options_order = "MSS SACK TIMESTAMP NOP WSCALE" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 1 tcp_rst_ip_id_1 = 0 tcp_rst_ip_id_2 = 0 tcp_rst_ip_id_strategy = 0 tcp_rst_ttl = <255 } fingerprint { OS_ID = "Linux Kernel 2.4.11" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry Contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 20 July 2002 #Modified: 08 July 2003 #Module A icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 0 icmp_echo_reply_ttl = <255 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <255 icmp_info_reply_ip_id = !0 #Module E icmp_unreach_reply = y icmp_unreach_echoed_dtsize = >64 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0xc0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = 0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 5792 tcp_syn_ack_options_order = "MSS SACK TIMESTAMP NOP WSCALE" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 1 tcp_rst_ip_id_1 = 0 tcp_rst_ip_id_2 = 0 tcp_rst_ip_id_strategy = 0 tcp_rst_ttl = <255 } fingerprint { OS_ID = "Linux Kernel 2.4.10" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry Contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 20 July 2002 #Modified: 08 July 2003 #Module A icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 0 icmp_echo_reply_ttl = <255 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <255 icmp_info_reply_ip_id = !0 #Module E icmp_unreach_reply = y icmp_unreach_echoed_dtsize = >64 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0xc0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = 0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 5792 tcp_syn_ack_options_order = "MSS SACK TIMESTAMP NOP WSCALE" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 1 tcp_rst_ip_id_1 = 0 tcp_rst_ip_id_2 = 0 tcp_rst_ip_id_strategy = 0 tcp_rst_ttl = <255 } fingerprint { OS_ID = "Linux Kernel 2.4.9" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry Contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 20 July 2002 #Modified: 08 July 2003 #Module A icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 0 icmp_echo_reply_ttl = <255 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <255 icmp_info_reply_ip_id = !0 #Module E icmp_unreach_reply = y icmp_unreach_echoed_dtsize = >64 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0xc0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = 0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 5792 tcp_syn_ack_options_order = "MSS SACK TIMESTAMP NOP WSCALE" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 1 tcp_rst_ip_id_1 = 0 tcp_rst_ip_id_2 = 0 tcp_rst_ip_id_strategy = 0 tcp_rst_ttl = <255 } fingerprint { OS_ID = "Linux Kernel 2.4.8" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry Contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 20 July 2002 #Modified: 08 July 2003 #Module A icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 0 icmp_echo_reply_ttl = <255 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <255 icmp_info_reply_ip_id = !0 #Module E icmp_unreach_reply = y icmp_unreach_echoed_dtsize = >64 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0xc0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = 0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 5792 tcp_syn_ack_options_order = "MSS SACK TIMESTAMP NOP WSCALE" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 1 tcp_rst_ip_id_1 = 0 tcp_rst_ip_id_2 = 0 tcp_rst_ip_id_strategy = 0 tcp_rst_ttl = <255 } fingerprint { OS_ID = "Linux Kernel 2.4.7" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry Contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 20 July 2002 #Modified: 07 July 2003 #Module A icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 0 icmp_echo_reply_ttl = <255 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <255 icmp_info_reply_ip_id = !0 #Module E icmp_unreach_reply = y icmp_unreach_echoed_dtsize = >64 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0xc0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = 0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 5792 tcp_syn_ack_options_order = "MSS SACK TIMESTAMP NOP WSCALE" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 1 tcp_rst_ip_id_1 = 0 tcp_rst_ip_id_2 = 0 tcp_rst_ip_id_strategy = 0 tcp_rst_ttl = <255 } fingerprint { OS_ID = "Linux Kernel 2.4.6" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry Contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 20 July 2002 #Modified: 07 July 2003 #Module A icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 0 icmp_echo_reply_ttl = <255 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <255 icmp_info_reply_ip_id = !0 #Module E icmp_unreach_reply = y icmp_unreach_echoed_dtsize = >64 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0xc0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = 0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 5792 tcp_syn_ack_options_order = "MSS SACK TIMESTAMP NOP WSCALE" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 1 tcp_rst_ip_id_1 = 0 tcp_rst_ip_id_2 = 0 tcp_rst_ip_id_strategy = 0 tcp_rst_ttl = <255 } fingerprint { OS_ID = "Linux Kernel 2.4.5" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry Contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 20 July 2002 #Modified: 07 July 2003 #Module A icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 0 icmp_echo_reply_ttl = <255 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <255 icmp_info_reply_ip_id = !0 #Module E icmp_unreach_reply = y icmp_unreach_echoed_dtsize = >64 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0xc0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = 0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 5792 tcp_syn_ack_options_order = "MSS SACK TIMESTAMP NOP WSCALE" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 1 tcp_rst_ip_id_1 = 0 tcp_rst_ip_id_2 = 0 tcp_rst_ip_id_strategy = 0 tcp_rst_ttl = <255 } fingerprint { OS_ID = "Linux Kernel 2.4.4 (I)" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry Contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 15 February 2005 #Modified: - #Module A icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = 0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <255 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 icmp_timestamp_reply_ip_id = 0 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = 0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <255 icmp_info_reply_ip_id = 0 #Module E icmp_unreach_reply = y icmp_unreach_echoed_dtsize = >64 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0xc0 icmp_unreach_df_bit = 1 icmp_unreach_ip_id = !0 icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = 0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 5792 tcp_syn_ack_options_order = "MSS SACK TIMESTAMP NOP WSCALE" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 1 tcp_rst_ip_id_1 = 0 tcp_rst_ip_id_2 = 0 tcp_rst_ip_id_strategy = 0 tcp_rst_ttl = <255 } fingerprint { OS_ID = "Linux Kernel 2.4.4" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry Contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 20 July 2002 #Modified: 07 July 2003 #Module A icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = 0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <255 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 icmp_timestamp_reply_ip_id = 0 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = 0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <255 icmp_info_reply_ip_id = 0 #Module E icmp_unreach_reply = y icmp_unreach_echoed_dtsize = >64 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0xc0 icmp_unreach_df_bit = 1 icmp_unreach_ip_id = 0 icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = 0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 5792 tcp_syn_ack_options_order = "MSS SACK TIMESTAMP NOP WSCALE" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 1 tcp_rst_ip_id_1 = 0 tcp_rst_ip_id_2 = 0 tcp_rst_ip_id_strategy = 0 tcp_rst_ttl = <255 } fingerprint { OS_ID = "Linux Kernel 2.4.3" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry Contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 20 July 2002 #Modified: 07 July 2003 #Module A icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = 0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <255 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 icmp_timestamp_reply_ip_id = 0 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = 0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <255 icmp_info_reply_ip_id = 0 #Module E icmp_unreach_reply = y icmp_unreach_echoed_dtsize = >64 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0xc0 icmp_unreach_df_bit = 1 icmp_unreach_ip_id = 0 icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = 0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 5792 tcp_syn_ack_options_order = "MSS SACK TIMESTAMP NOP WSCALE" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 1 tcp_rst_ip_id_1 = 0 tcp_rst_ip_id_2 = 0 tcp_rst_ip_id_strategy = 0 tcp_rst_ttl = <255 } fingerprint { OS_ID = "Linux Kernel 2.4.2" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry Contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 20 July 2002 #Modified: 07 July 2003 #Module A icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = 0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <255 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 icmp_timestamp_reply_ip_id = 0 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = 0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <255 icmp_info_reply_ip_id = 0 #Module E icmp_unreach_reply = y icmp_unreach_echoed_dtsize = >64 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0xc0 icmp_unreach_df_bit = 1 icmp_unreach_ip_id = 0 icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = 0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 5792 tcp_syn_ack_options_order = "MSS SACK TIMESTAMP NOP WSCALE" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 1 tcp_rst_ip_id_1 = 0 tcp_rst_ip_id_2 = 0 tcp_rst_ip_id_strategy = 0 tcp_rst_ttl = <255 } fingerprint { OS_ID = "Linux Kernel 2.4.1" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry Contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 20 July 2002 #Modified: 07 July 2003 #Module A icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = 0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <255 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 icmp_timestamp_reply_ip_id = 0 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = 0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <255 icmp_info_reply_ip_id = 0 #Module E icmp_unreach_reply = y icmp_unreach_echoed_dtsize = >64 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0xc0 icmp_unreach_df_bit = 1 icmp_unreach_ip_id = 0 icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = 0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 5792 tcp_syn_ack_options_order = "MSS SACK TIMESTAMP NOP WSCALE" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 1 tcp_rst_ip_id_1 = 0 tcp_rst_ip_id_2 = 0 tcp_rst_ip_id_strategy = 0 tcp_rst_ttl = <255 } fingerprint { OS_ID = "Linux Kernel 2.4.0" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry Contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 20 July 2002 #Modified: 07 July 2003 #Module A icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = 0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <255 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 icmp_timestamp_reply_ip_id = 0 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = 0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <255 icmp_info_reply_ip_id = 0 #Module E icmp_unreach_reply = y icmp_unreach_echoed_dtsize = >64 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0xc0 icmp_unreach_df_bit = 1 icmp_unreach_ip_id = 0 icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = 0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 5792 tcp_syn_ack_options_order = "MSS SACK TIMESTAMP NOP WSCALE" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 1 tcp_rst_ip_id_1 = 0 tcp_rst_ip_id_2 = 0 tcp_rst_ip_id_strategy = 0 tcp_rst_ttl = <255 } fingerprint { OS_ID = "Linux Kernel 2.2.26" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 19 December 2003 #Modified: #Module A [ICMP ECHO Probe] icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 0 icmp_echo_reply_ttl = <255 #Module B [ICMP Timestamp Probe] icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 icmp_timestamp_reply_ip_id = !0 #Module C [ICMP Address Mask Request Probe] icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = !0 #Module D [ICMP Information Request Probe] icmp_info_reply = n icmp_info_reply_ttl = <255 icmp_info_reply_ip_id = !0 #Module E [UDP -> ICMP Unreachable probe] #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = >64 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0xc0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 32120 tcp_syn_ack_options_order = "MSS SACK TIMESTAMP NOP WSCALE" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <255 } fingerprint { OS_ID = "Linux Kernel 2.2.25" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 02 July 2003 #Modified: 02 July 2003 #Module A [ICMP ECHO Probe] icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 0 icmp_echo_reply_ttl = <255 #Module B [ICMP Timestamp Probe] icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 icmp_timestamp_reply_ip_id = !0 #Module C [ICMP Address Mask Request Probe] icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = !0 #Module D [ICMP Information Request Probe] icmp_info_reply = n icmp_info_reply_ttl = <255 icmp_info_reply_ip_id = !0 #Module E [UDP -> ICMP Unreachable probe] #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = >64 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0xc0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 32120 tcp_syn_ack_options_order = "MSS SACK TIMESTAMP NOP WSCALE" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <255 } fingerprint { OS_ID = "Linux Kernel 2.2.24" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 02 July 2003 #Modified: 02 July 2003 #Module A [ICMP ECHO Probe] icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 0 icmp_echo_reply_ttl = <255 #Module B [ICMP Timestamp Probe] icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 icmp_timestamp_reply_ip_id = !0 #Module C [ICMP Address Mask Request Probe] icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = !0 #Module D [ICMP Information Request Probe] icmp_info_reply = n icmp_info_reply_ttl = <255 icmp_info_reply_ip_id = !0 #Module E [UDP -> ICMP Unreachable probe] #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = >64 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0xc0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 32120 tcp_syn_ack_options_order = "MSS SACK TIMESTAMP NOP WSCALE" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <255 } fingerprint { OS_ID = "Linux Kernel 2.2.23" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 02 July 2003 #Modified: 02 July 2003 #Module A [ICMP ECHO Probe] icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 0 icmp_echo_reply_ttl = <255 #Module B [ICMP Timestamp Probe] icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 icmp_timestamp_reply_ip_id = !0 #Module C [ICMP Address Mask Request Probe] icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = !0 #Module D [ICMP Information Request Probe] icmp_info_reply = n icmp_info_reply_ttl = <255 icmp_info_reply_ip_id = !0 #Module E [UDP -> ICMP Unreachable probe] #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = >64 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0xc0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 32120 tcp_syn_ack_options_order = "MSS SACK TIMESTAMP NOP WSCALE" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <255 } fingerprint { OS_ID = "Linux Kernel 2.2.22" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 02 July 2003 #Modified: 02 July 2003 #Module A [ICMP ECHO Probe] icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 0 icmp_echo_reply_ttl = <255 #Module B [ICMP Timestamp Probe] icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 icmp_timestamp_reply_ip_id = !0 #Module C [ICMP Address Mask Request Probe] icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = !0 #Module D [ICMP Information Request Probe] icmp_info_reply = n icmp_info_reply_ttl = <255 icmp_info_reply_ip_id = !0 #Module E [UDP -> ICMP Unreachable probe] #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = >64 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0xc0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 32120 tcp_syn_ack_options_order = "MSS SACK TIMESTAMP NOP WSCALE" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <255 } fingerprint { OS_ID = "Linux Kernel 2.2.21" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 02 July 2003 #Modified: 02 July 2003 #Module A [ICMP ECHO Probe] icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 0 icmp_echo_reply_ttl = <255 #Module B [ICMP Timestamp Probe] icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 icmp_timestamp_reply_ip_id = !0 #Module C [ICMP Address Mask Request Probe] icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = !0 #Module D [ICMP Information Request Probe] icmp_info_reply = n icmp_info_reply_ttl = <255 icmp_info_reply_ip_id = !0 #Module E [UDP -> ICMP Unreachable probe] #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = >64 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0xc0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 32120 tcp_syn_ack_options_order = "MSS SACK TIMESTAMP NOP WSCALE" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <255 } fingerprint { OS_ID = "Linux Kernel 2.2.20" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 02 July 2003 #Modified: 02 July 2003 #Module A [ICMP ECHO Probe] icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 0 icmp_echo_reply_ttl = <255 #Module B [ICMP Timestamp Probe] icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 icmp_timestamp_reply_ip_id = !0 #Module C [ICMP Address Mask Request Probe] icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = !0 #Module D [ICMP Information Request Probe] icmp_info_reply = n icmp_info_reply_ttl = <255 icmp_info_reply_ip_id = !0 #Module E [UDP -> ICMP Unreachable probe] #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = >64 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0xc0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 32120 tcp_syn_ack_options_order = "MSS SACK TIMESTAMP NOP WSCALE" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <255 } fingerprint { OS_ID = "Linux Kernel 2.2.19" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 02 July 2003 #Modified: 02 July 2003 #Module A [ICMP ECHO Probe] icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 0 icmp_echo_reply_ttl = <255 #Module B [ICMP Timestamp Probe] icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 icmp_timestamp_reply_ip_id = !0 #Module C [ICMP Address Mask Request Probe] icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = !0 #Module D [ICMP Information Request Probe] icmp_info_reply = n icmp_info_reply_ttl = <255 icmp_info_reply_ip_id = !0 #Module E [UDP -> ICMP Unreachable probe] #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = >64 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0xc0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 32120 tcp_syn_ack_options_order = "MSS SACK TIMESTAMP NOP WSCALE" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <255 } fingerprint { OS_ID = "Linux Kernel 2.2.18" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 13 July 2003 #Modified: 13 July 2003 #Module A [ICMP ECHO Probe] icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 0 icmp_echo_reply_ttl = <255 #Module B [ICMP Timestamp Probe] icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 icmp_timestamp_reply_ip_id = !0 #Module C [ICMP Address Mask Request Probe] icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = !0 #Module D [ICMP Information Request Probe] icmp_info_reply = n icmp_info_reply_ttl = <255 icmp_info_reply_ip_id = !0 #Module E [UDP -> ICMP Unreachable probe] #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = >64 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0xc0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 32120 tcp_syn_ack_options_order = "MSS SACK TIMESTAMP NOP WSCALE" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <255 } fingerprint { OS_ID = "Linux Kernel 2.2.17" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 13 July 2003 #Modified: 13 July 2003 #Module A [ICMP ECHO Probe] icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 0 icmp_echo_reply_ttl = <255 #Module B [ICMP Timestamp Probe] icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 icmp_timestamp_reply_ip_id = !0 #Module C [ICMP Address Mask Request Probe] icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = !0 #Module D [ICMP Information Request Probe] icmp_info_reply = n icmp_info_reply_ttl = <255 icmp_info_reply_ip_id = !0 #Module E [UDP -> ICMP Unreachable probe] #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = >64 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0xc0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 32120 tcp_syn_ack_options_order = "MSS SACK TIMESTAMP NOP WSCALE" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <255 } fingerprint { OS_ID = "Linux Kernel 2.2.16" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 13 July 2003 #Modified: 13 July 2003 #Module A [ICMP ECHO Probe] icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 0 icmp_echo_reply_ttl = <255 #Module B [ICMP Timestamp Probe] icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 icmp_timestamp_reply_ip_id = !0 #Module C [ICMP Address Mask Request Probe] icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = !0 #Module D [ICMP Information Request Probe] icmp_info_reply = n icmp_info_reply_ttl = <255 icmp_info_reply_ip_id = !0 #Module E [UDP -> ICMP Unreachable probe] #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = >64 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0xc0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 32120 tcp_syn_ack_options_order = "MSS SACK TIMESTAMP NOP WSCALE" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <255 } fingerprint { OS_ID = "Linux Kernel 2.2.15" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 13 July 2003 #Modified: 13 July 2003 #Module A [ICMP ECHO Probe] icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 0 icmp_echo_reply_ttl = <255 #Module B [ICMP Timestamp Probe] icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 icmp_timestamp_reply_ip_id = !0 #Module C [ICMP Address Mask Request Probe] icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = !0 #Module D [ICMP Information Request Probe] icmp_info_reply = n icmp_info_reply_ttl = <255 icmp_info_reply_ip_id = !0 #Module E [UDP -> ICMP Unreachable probe] #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = >64 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0xc0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 32120 tcp_syn_ack_options_order = "MSS SACK TIMESTAMP NOP WSCALE" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <255 } fingerprint { OS_ID = "Linux Kernel 2.2.14" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 13 July 2003 #Modified: 13 July 2003 #Module A [ICMP ECHO Probe] icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 0 icmp_echo_reply_ttl = <255 #Module B [ICMP Timestamp Probe] icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 icmp_timestamp_reply_ip_id = !0 #Module C [ICMP Address Mask Request Probe] icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = !0 #Module D [ICMP Information Request Probe] icmp_info_reply = n icmp_info_reply_ttl = <255 icmp_info_reply_ip_id = !0 #Module E [UDP -> ICMP Unreachable probe] #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = >64 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0xc0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 32120 tcp_syn_ack_options_order = "MSS SACK TIMESTAMP NOP WSCALE" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <255 } fingerprint { OS_ID = "Linux Kernel 2.2.13" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 13 July 2003 #Modified: 13 July 2003 #Module A [ICMP ECHO Probe] icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 0 icmp_echo_reply_ttl = <255 #Module B [ICMP Timestamp Probe] icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 icmp_timestamp_reply_ip_id = !0 #Module C [ICMP Address Mask Request Probe] icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = !0 #Module D [ICMP Information Request Probe] icmp_info_reply = n icmp_info_reply_ttl = <255 icmp_info_reply_ip_id = !0 #Module E [UDP -> ICMP Unreachable probe] #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = >64 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0xc0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 32120 tcp_syn_ack_options_order = "MSS SACK TIMESTAMP NOP WSCALE" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <255 } fingerprint { OS_ID = "Linux Kernel 2.2.12" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 13 July 2003 #Modified: 13 July 2003 #Module A [ICMP ECHO Probe] icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 0 icmp_echo_reply_ttl = <255 #Module B [ICMP Timestamp Probe] icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 icmp_timestamp_reply_ip_id = !0 #Module C [ICMP Address Mask Request Probe] icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = !0 #Module D [ICMP Information Request Probe] icmp_info_reply = n icmp_info_reply_ttl = <255 icmp_info_reply_ip_id = !0 #Module E [UDP -> ICMP Unreachable probe] #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = >64 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0xc0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 32120 tcp_syn_ack_options_order = "MSS SACK TIMESTAMP NOP WSCALE" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <255 } fingerprint { OS_ID = "Linux Kernel 2.2.11" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 13 July 2003 #Modified: 13 July 2003 #Module A [ICMP ECHO Probe] icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 0 icmp_echo_reply_ttl = <255 #Module B [ICMP Timestamp Probe] icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 icmp_timestamp_reply_ip_id = !0 #Module C [ICMP Address Mask Request Probe] icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = !0 #Module D [ICMP Information Request Probe] icmp_info_reply = n icmp_info_reply_ttl = <255 icmp_info_reply_ip_id = !0 #Module E [UDP -> ICMP Unreachable probe] #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = >64 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0xc0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 32120 tcp_syn_ack_options_order = "MSS SACK TIMESTAMP NOP WSCALE" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <255 } fingerprint { OS_ID = "Linux Kernel 2.2.10" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 13 July 2003 #Modified: 13 July 2003 #Module A [ICMP ECHO Probe] icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 0 icmp_echo_reply_ttl = <255 #Module B [ICMP Timestamp Probe] icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 icmp_timestamp_reply_ip_id = !0 #Module C [ICMP Address Mask Request Probe] icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = !0 #Module D [ICMP Information Request Probe] icmp_info_reply = n icmp_info_reply_ttl = <255 icmp_info_reply_ip_id = !0 #Module E [UDP -> ICMP Unreachable probe] #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = >64 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0xc0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 32120 tcp_syn_ack_options_order = "MSS SACK TIMESTAMP NOP WSCALE" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <255 } fingerprint { OS_ID = "Linux Kernel 2.2.9" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 13 July 2003 #Modified: 13 July 2003 #Module A [ICMP ECHO Probe] icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 0 icmp_echo_reply_ttl = <255 #Module B [ICMP Timestamp Probe] icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 icmp_timestamp_reply_ip_id = !0 #Module C [ICMP Address Mask Request Probe] icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = !0 #Module D [ICMP Information Request Probe] icmp_info_reply = n icmp_info_reply_ttl = <255 icmp_info_reply_ip_id = !0 #Module E [UDP -> ICMP Unreachable probe] #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = >64 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0xc0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 32120 tcp_syn_ack_options_order = "MSS SACK TIMESTAMP NOP WSCALE" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <255 } fingerprint { OS_ID = "Linux Kernel 2.2.8" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 13 July 2003 #Modified: 13 July 2003 #Module A [ICMP ECHO Probe] icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 0 icmp_echo_reply_ttl = <255 #Module B [ICMP Timestamp Probe] icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 icmp_timestamp_reply_ip_id = !0 #Module C [ICMP Address Mask Request Probe] icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = !0 #Module D [ICMP Information Request Probe] icmp_info_reply = n icmp_info_reply_ttl = <255 icmp_info_reply_ip_id = !0 #Module E [UDP -> ICMP Unreachable probe] #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = >64 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0xc0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 32120 tcp_syn_ack_options_order = "MSS SACK TIMESTAMP NOP WSCALE" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <255 } fingerprint { OS_ID = "Linux Kernel 2.2.7" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 13 July 2003 #Modified: 13 July 2003 #Module A [ICMP ECHO Probe] icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 0 icmp_echo_reply_ttl = <255 #Module B [ICMP Timestamp Probe] icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 icmp_timestamp_reply_ip_id = !0 #Module C [ICMP Address Mask Request Probe] icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = !0 #Module D [ICMP Information Request Probe] icmp_info_reply = n icmp_info_reply_ttl = <255 icmp_info_reply_ip_id = !0 #Module E [UDP -> ICMP Unreachable probe] #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = >64 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0xc0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 32120 tcp_syn_ack_options_order = "MSS SACK TIMESTAMP NOP WSCALE" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <255 } fingerprint { OS_ID = "Linux Kernel 2.2.6" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 13 July 2003 #Modified: 13 July 2003 #Module A [ICMP ECHO Probe] icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 0 icmp_echo_reply_ttl = <255 #Module B [ICMP Timestamp Probe] icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 icmp_timestamp_reply_ip_id = !0 #Module C [ICMP Address Mask Request Probe] icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = !0 #Module D [ICMP Information Request Probe] icmp_info_reply = n icmp_info_reply_ttl = <255 icmp_info_reply_ip_id = !0 #Module E [UDP -> ICMP Unreachable probe] #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = >64 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0xc0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 32120 tcp_syn_ack_options_order = "MSS SACK TIMESTAMP NOP WSCALE" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <255 } fingerprint { OS_ID = "Linux Kernel 2.2.5" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 13 July 2003 #Modified: 13 July 2003 #Module A [ICMP ECHO Probe] icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 0 icmp_echo_reply_ttl = <255 #Module B [ICMP Timestamp Probe] icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 icmp_timestamp_reply_ip_id = !0 #Module C [ICMP Address Mask Request Probe] icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = !0 #Module D [ICMP Information Request Probe] icmp_info_reply = n icmp_info_reply_ttl = <255 icmp_info_reply_ip_id = !0 #Module E [UDP -> ICMP Unreachable probe] #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = >64 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0xc0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 32120 tcp_syn_ack_options_order = "MSS SACK TIMESTAMP NOP WSCALE" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <255 } fingerprint { OS_ID = "Linux Kernel 2.2.4" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 13 July 2003 #Modified: 13 July 2003 #Module A [ICMP ECHO Probe] icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 0 icmp_echo_reply_ttl = <255 #Module B [ICMP Timestamp Probe] icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 icmp_timestamp_reply_ip_id = !0 #Module C [ICMP Address Mask Request Probe] icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = !0 #Module D [ICMP Information Request Probe] icmp_info_reply = n icmp_info_reply_ttl = <255 icmp_info_reply_ip_id = !0 #Module E [UDP -> ICMP Unreachable probe] #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = >64 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0xc0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 32120 tcp_syn_ack_options_order = "MSS SACK TIMESTAMP NOP WSCALE" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <255 } fingerprint { OS_ID = "Linux Kernel 2.2.3" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 13 July 2003 #Modified: 13 July 2003 #Module A [ICMP ECHO Probe] icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 0 icmp_echo_reply_ttl = <255 #Module B [ICMP Timestamp Probe] icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 icmp_timestamp_reply_ip_id = !0 #Module C [ICMP Address Mask Request Probe] icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = !0 #Module D [ICMP Information Request Probe] icmp_info_reply = n icmp_info_reply_ttl = <255 icmp_info_reply_ip_id = !0 #Module E [UDP -> ICMP Unreachable probe] #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = >64 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0xc0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 32120 tcp_syn_ack_options_order = "MSS SACK TIMESTAMP NOP WSCALE" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <255 } fingerprint { OS_ID = "Linux Kernel 2.2.2" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 13 July 2003 #Modified: 13 July 2003 #Module A [ICMP ECHO Probe] icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 0 icmp_echo_reply_ttl = <255 #Module B [ICMP Timestamp Probe] icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 icmp_timestamp_reply_ip_id = !0 #Module C [ICMP Address Mask Request Probe] icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = !0 #Module D [ICMP Information Request Probe] icmp_info_reply = n icmp_info_reply_ttl = <255 icmp_info_reply_ip_id = !0 #Module E [UDP -> ICMP Unreachable probe] #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = >64 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0xc0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 32120 tcp_syn_ack_options_order = "MSS SACK TIMESTAMP NOP WSCALE" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <255 } fingerprint { OS_ID = "Linux Kernel 2.2.1" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 13 July 2003 #Modified: 13 July 2003 #Module A [ICMP ECHO Probe] icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 0 icmp_echo_reply_ttl = <255 #Module B [ICMP Timestamp Probe] icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 icmp_timestamp_reply_ip_id = !0 #Module C [ICMP Address Mask Request Probe] icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = !0 #Module D [ICMP Information Request Probe] icmp_info_reply = n icmp_info_reply_ttl = <255 icmp_info_reply_ip_id = !0 #Module E [UDP -> ICMP Unreachable probe] #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = >64 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0xc0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 32120 tcp_syn_ack_options_order = "MSS SACK TIMESTAMP NOP WSCALE" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <255 } fingerprint { OS_ID = "Linux Kernel 2.2.0" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 13 July 2003 #Modified: 13 July 2003 #Module A [ICMP ECHO Probe] icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 0 icmp_echo_reply_ttl = <255 #Module B [ICMP Timestamp Probe] icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 icmp_timestamp_reply_ip_id = !0 #Module C [ICMP Address Mask Request Probe] icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = !0 #Module D [ICMP Information Request Probe] icmp_info_reply = n icmp_info_reply_ttl = <255 icmp_info_reply_ip_id = !0 #Module E [UDP -> ICMP Unreachable probe] #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = >64 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0xc0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 32120 tcp_syn_ack_options_order = "MSS SACK TIMESTAMP NOP WSCALE" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <255 } fingerprint { OS_ID = "Linux Kernel 2.0.36" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 12 July 2003 #Modified: 12 July 2003 #Module A [ICMP ECHO Probe] icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 0 icmp_echo_reply_ttl = <64 #Module B [ICMP Timestamp Probe] icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <64 icmp_timestamp_reply_ip_id = !0 #Module C [ICMP Address Mask Request Probe] icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <64 icmp_addrmask_reply_ip_id = !0 #Module D [ICMP Information Request Probe] icmp_info_reply = n icmp_info_reply_ttl = <64 icmp_info_reply_ip_id = !0 #Module E [UDP -> ICMP Unreachable probe] #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = >64 icmp_unreach_reply_ttl = <64 icmp_unreach_precedence_bits = 0xc0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 0 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 32736 tcp_syn_ack_options_order = "MSS" tcp_syn_ack_wscale = NONE tcp_syn_ack_tsval = NONE tcp_syn_ack_tsecr = NONE #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <255 } fingerprint { OS_ID = "Linux Kernel 2.0.34" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 12 July 2003 #Modified: 12 July 2003 #Module A [ICMP ECHO Probe] icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 0 icmp_echo_reply_ttl = <64 #Module B [ICMP Timestamp Probe] icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <64 icmp_timestamp_reply_ip_id = !0 #Module C [ICMP Address Mask Request Probe] icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <64 icmp_addrmask_reply_ip_id = !0 #Module D [ICMP Information Request Probe] icmp_info_reply = n icmp_info_reply_ttl = <64 icmp_info_reply_ip_id = !0 #Module E [UDP -> ICMP Unreachable probe] #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = >64 icmp_unreach_reply_ttl = <64 icmp_unreach_precedence_bits = 0xc0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 0 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 32736 tcp_syn_ack_options_order = "MSS" tcp_syn_ack_wscale = NONE tcp_syn_ack_tsval = NONE tcp_syn_ack_tsecr = NONE #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <255 } fingerprint { OS_ID = "Linux Kernel 2.0.30" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 12 July 2003 #Modified: 12 July 2003 #Module A [ICMP ECHO Probe] icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 0 icmp_echo_reply_ttl = <64 #Module B [ICMP Timestamp Probe] icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <64 icmp_timestamp_reply_ip_id = !0 #Module C [ICMP Address Mask Request Probe] icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <64 icmp_addrmask_reply_ip_id = !0 #Module D [ICMP Information Request Probe] icmp_info_reply = n icmp_info_reply_ttl = <64 icmp_info_reply_ip_id = !0 #Module E [UDP -> ICMP Unreachable probe] #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = >64 icmp_unreach_reply_ttl = <64 icmp_unreach_precedence_bits = 0xc0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 0 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 32736 tcp_syn_ack_options_order = "MSS" tcp_syn_ack_wscale = NONE tcp_syn_ack_tsval = NONE tcp_syn_ack_tsecr = NONE #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <255 } #Microsoft fingerprint { OS_ID = "Microsoft Windows 2003 Server Enterprise Edition" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 14 July 2003 #Modified: 14 July 2003 #Module A icmp_echo_reply = y icmp_echo_code = 0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = 0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = < 128 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <128 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <128 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <128 icmp_info_reply_ip_id = !0 #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = >64 icmp_unreach_reply_ttl = <128 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN | ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <128 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 65535,64240,17520 tcp_syn_ack_options_order = "MSS NOP WSCALE NOP NOP TIMESTAMP NOP NOP SACK" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = 0 tcp_syn_ack_tsecr = 0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <128 smb_lanman = Windows Server 2003 5.2 smb_nativeos = Windows Server 2003 3790 } fingerprint { OS_ID = "Microsoft Windows 2003 Server Standard Edition" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 14 July 2003 #Modified: 14 July 2003 #Module A icmp_echo_reply = y icmp_echo_code = 0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = 0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = < 128 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <128 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <128 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <128 icmp_info_reply_ip_id = !0 #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = >64 icmp_unreach_reply_ttl = <128 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN | ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <128 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 65535,64240,17520 tcp_syn_ack_options_order = "MSS NOP WSCALE NOP NOP TIMESTAMP NOP NOP SACK" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = 0 tcp_syn_ack_tsecr = 0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <128 smb_lanman = Windows Server 2003 5.2 smb_nativeos = Windows Server 2003 3790 } fingerprint { OS_ID = "Microsoft Windows XP SP2" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 13 December 2004 #Modified: - #Module A icmp_echo_reply = y icmp_echo_code = 0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = 0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = < 128 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <128 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <128 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <128 icmp_info_reply_ip_id = !0 #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_dtsize = >64 icmp_unreach_reply_ttl = <128 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN | ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <128 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 65535 tcp_syn_ack_options_order = "MSS NOP WSCALE NOP NOP TIMESTAMP NOP NOP SACK" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = 0 tcp_syn_ack_tsecr = 0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <128 smb_lanman = Windows 2000 LAN Manager smb_nativeos = Windows 5.1 } fingerprint { OS_ID = "Microsoft Windows XP SP1" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 19 December 2004 #Modified: #Module A icmp_echo_reply = y icmp_echo_code = 0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = 0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = < 128 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <128 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <128 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <128 icmp_info_reply_ip_id = !0 #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <128 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN | ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <128 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 64240,17520 tcp_syn_ack_options_order = "MSS NOP WSCALE NOP NOP TIMESTAMP NOP NOP SACK" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = 0 tcp_syn_ack_tsecr = 0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <128 smb_lanman = Windows 2000 LAN Manager smb_nativeos = Windows 5.1 } fingerprint { OS_ID = "Microsoft Windows XP" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 19 December 2004 #Modified: #Module A icmp_echo_reply = y icmp_echo_code = 0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = 0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = < 128 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <128 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <128 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <128 icmp_info_reply_ip_id = !0 #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <128 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN | ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <128 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 64240,17520 tcp_syn_ack_options_order = "MSS NOP WSCALE NOP NOP TIMESTAMP NOP NOP SACK" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = 0 tcp_syn_ack_tsecr = 0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <128 smb_lanman = Windows 2000 LAN Manager smb_nativeos = Windows 5.1 } fingerprint { OS_ID = "Microsoft Windows 2000 Server Service Pack 4" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 02 July 2003 #Modified: 02 July 2003 #Module A icmp_echo_reply = y icmp_echo_code = 0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = 0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = < 128 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <128 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <128 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <128 icmp_info_reply_ip_id = !0 #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <128 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN | ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <128 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 65535,64240,17520 tcp_syn_ack_options_order = "MSS NOP WSCALE NOP NOP TIMESTAMP NOP NOP SACK" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = 0 tcp_syn_ack_tsecr = 0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <128 smb_lanman = Windows 2000 LAN Manager smb_nativeos = Windows 5.0 } fingerprint { OS_ID = "Microsoft Windows 2000 Server Service Pack 3" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 20 March 2003 #Modified: 02 July 2003 #Module A icmp_echo_reply = y icmp_echo_code = 0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = 0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = < 128 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <128 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <128 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <128 icmp_info_reply_ip_id = !0 #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <128 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN | ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <128 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 64240,17520 tcp_syn_ack_options_order = "MSS NOP WSCALE NOP NOP TIMESTAMP NOP NOP SACK" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = 0 tcp_syn_ack_tsecr = 0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <128 smb_lanman = Windows 2000 LAN Manager smb_nativeos = Windows 5.0 } fingerprint { OS_ID = "Microsoft Windows 2000 Server Service Pack 2" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 20 July 2002 #Modified: 02 July 2003 #Module A icmp_echo_reply = y icmp_echo_code = 0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = 0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = < 128 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <128 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <128 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <128 icmp_info_reply_ip_id = !0 #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <128 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN | ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <128 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 17520 tcp_syn_ack_options_order = "MSS NOP WSCALE NOP NOP TIMESTAMP NOP NOP SACK" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = 0 tcp_syn_ack_tsecr = 0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <128 smb_lanman = Windows 2000 LAN Manager smb_nativeos = Windows 5.0 } fingerprint { OS_ID = "Microsoft Windows 2000 Server Service Pack 1" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 20 July 2002 #Modified: 02 July 2003 #Module A icmp_echo_reply = y icmp_echo_code = 0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = 0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = < 128 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <128 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <128 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <128 icmp_info_reply_ip_id = !0 #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <128 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN | ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <128 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 17520 tcp_syn_ack_options_order = "MSS NOP WSCALE NOP NOP TIMESTAMP NOP NOP SACK" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = 0 tcp_syn_ack_tsecr = 0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <128 smb_lanman = Windows 2000 LAN Manager smb_nativeos = Windows 5.0 } fingerprint { OS_ID = "Microsoft Windows 2000 Server" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 20 July 2002 #Modified: 30 June 2003 #Module A icmp_echo_reply = y icmp_echo_code = 0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = 0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = < 128 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <128 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <128 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <128 icmp_info_reply_ip_id = !0 #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <128 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN | ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <128 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 17520 tcp_syn_ack_options_order = "MSS NOP WSCALE NOP NOP TIMESTAMP NOP NOP SACK" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = 0 tcp_syn_ack_tsecr = 0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <128 smb_lanman = Windows 2000 LAN Manager smb_nativeos = Windows 5.0 } fingerprint { OS_ID = "Microsoft Windows 2000 Workstation SP4" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 20 July 2002 #Modified: 30 June 2003 #Module A icmp_echo_reply = y icmp_echo_code = 0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = 0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = < 128 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <128 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <128 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <128 icmp_info_reply_ip_id = !0 #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <128 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN | ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <128 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 17520 tcp_syn_ack_options_order = "MSS NOP WSCALE NOP NOP TIMESTAMP NOP NOP SACK" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = 0 tcp_syn_ack_tsecr = 0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <128 smb_lanman = Windows 2000 LAN Manager smb_nativeos = Windows 5.0 } fingerprint { OS_ID = "Microsoft Windows 2000 Workstation SP3" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 20 July 2002 #Modified: 30 June 2003 #Module A icmp_echo_reply = y icmp_echo_code = 0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = 0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = < 128 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <128 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <128 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <128 icmp_info_reply_ip_id = !0 #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <128 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN | ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <128 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 17520 tcp_syn_ack_options_order = "MSS NOP WSCALE NOP NOP TIMESTAMP NOP NOP SACK" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = 0 tcp_syn_ack_tsecr = 0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <128 smb_lanman = Windows 2000 LAN Manager smb_nativeos = Windows 5.0 } fingerprint { OS_ID = "Microsoft Windows 2000 Workstation SP2" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 20 July 2002 #Modified: 30 June 2003 #Module A icmp_echo_reply = y icmp_echo_code = 0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = 0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = < 128 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <128 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <128 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <128 icmp_info_reply_ip_id = !0 #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <128 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN | ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <128 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 17520 tcp_syn_ack_options_order = "MSS NOP WSCALE NOP NOP TIMESTAMP NOP NOP SACK" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = 0 tcp_syn_ack_tsecr = 0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <128 smb_lanman = Windows 2000 LAN Manager smb_nativeos = Windows 5.0 } fingerprint { OS_ID = "Microsoft Windows 2000 Workstation SP1" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 20 July 2002 #Modified: 30 June 2003 #Module A icmp_echo_reply = y icmp_echo_code = 0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = 0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = < 128 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <128 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <128 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <128 icmp_info_reply_ip_id = !0 #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <128 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN | ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <128 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 17520 tcp_syn_ack_options_order = "MSS NOP WSCALE NOP NOP TIMESTAMP NOP NOP SACK" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = 0 tcp_syn_ack_tsecr = 0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <128 smb_lanman = Windows 2000 LAN Manager smb_nativeos = Windows 5.0 } fingerprint { OS_ID = "Microsoft Windows 2000 Workstation" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 20 July 2002 #Modified: 30 June 2003 #Module A icmp_echo_reply = y icmp_echo_code = 0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = 0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = < 128 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <128 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <128 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <128 icmp_info_reply_ip_id = !0 #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <128 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN | ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <128 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 17520 tcp_syn_ack_options_order = "MSS NOP WSCALE NOP NOP TIMESTAMP NOP NOP SACK" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = 0 tcp_syn_ack_tsecr = 0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <128 smb_lanman = Windows 2000 LAN Manager smb_nativeos = Windows 5.0 } fingerprint { OS_ID = "Microsoft Windows Millennium Edition (ME)" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 29 July 2002 #Modified: 05 July 2003 #Module A [ICMP ECHO Probe] icmp_echo_reply = y icmp_echo_code = 0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <128 #Module B [ICMP Timestamp Probe] icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <128 icmp_timestamp_reply_ip_id = !0 #Module C [ICMP Address Mask Request Probe] icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <128 icmp_addrmask_reply_ip_id = !0 #Module D [ICMP Information Request Probe] icmp_info_reply = n icmp_info_reply_ttl = <128 icmp_info_reply_ip_id = !0 #Module E [UDP -> ICMP Unreachable probe] #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <128 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <128 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 17520 tcp_syn_ack_options_order = "MSS NOP WSCALE NOP NOP TIMESTAMP NOP NOP SACK" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = 0 tcp_syn_ack_tsecr = 0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <128 } fingerprint { OS_ID = "Microsoft Windows NT 4 Server Service Pack 6a" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 30 July 2002 #Modified: 11 July 2003 #Module A icmp_echo_reply = y icmp_echo_code = 0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <128 #Module B icmp_timestamp_reply = n icmp_timestamp_reply_ttl = <128 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <128 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <128 icmp_info_reply_ip_id = !0 #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <128 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <128 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 8760 tcp_syn_ack_options_order = "MSS" tcp_syn_ack_wscale = NONE tcp_syn_ack_tsval = NONE tcp_syn_ack_tsecr = NONE #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <128 smb_lanman = NT LAN Manager 4.0 smb_nativeos = Windows NT 4.0 } fingerprint { OS_ID = "Microsoft Windows NT 4 Server Service Pack 5" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 30 July 2002 #Modified: 11 July 2003 #Module A icmp_echo_reply = y icmp_echo_code = 0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <128 #Module B icmp_timestamp_reply = n icmp_timestamp_reply_ttl = <128 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <128 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <128 icmp_info_reply_ip_id = !0 #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <128 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <128 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 8760 tcp_syn_ack_options_order = "MSS" tcp_syn_ack_wscale = NONE tcp_syn_ack_tsval = NONE tcp_syn_ack_tsecr = NONE #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <128 smb_lanman = NT LAN Manager 4.0 smb_nativeos = Windows NT 4.0 } fingerprint { OS_ID = "Microsoft Windows NT 4 Server Service Pack 4" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 30 July 2002 #Modified: 11 July 2003 #Module A icmp_echo_reply = y icmp_echo_code = 0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <128 #Module B icmp_timestamp_reply = n icmp_timestamp_reply_ttl = <128 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <128 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <128 icmp_info_reply_ip_id = !0 #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <128 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <128 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 8760 tcp_syn_ack_options_order = "MSS" tcp_syn_ack_wscale = NONE tcp_syn_ack_tsval = NONE tcp_syn_ack_tsecr = NONE #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <128 smb_lanman = NT LAN Manager 4.0 smb_nativeos = Windows NT 4.0 } fingerprint { OS_ID = "Microsoft Windows NT 4 Server Service Pack 3" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 30 July 2002 #Modified: 11 July 2003 #Module A icmp_echo_reply = y icmp_echo_code = 0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <128 #Module B icmp_timestamp_reply = n icmp_timestamp_reply_ttl = <128 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = y icmp_addrmask_reply_ttl = <128 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <128 icmp_info_reply_ip_id = !0 #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <128 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <128 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 8760 tcp_syn_ack_options_order = "MSS" tcp_syn_ack_wscale = NONE tcp_syn_ack_tsval = NONE tcp_syn_ack_tsecr = NONE #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <128 smb_lanman = NT LAN Manager 4.0 smb_nativeos = Windows NT 4.0 } fingerprint { OS_ID = "Microsoft Windows NT 4 Server Service Pack 2" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 30 July 2002 #Modified: 11 July 2003 #Module A icmp_echo_reply = y icmp_echo_code = 0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <128 #Module B icmp_timestamp_reply = n icmp_timestamp_reply_ttl = <128 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = y icmp_addrmask_reply_ttl = <128 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <128 icmp_info_reply_ip_id = !0 #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <128 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <128 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 8760 tcp_syn_ack_options_order = "MSS" tcp_syn_ack_wscale = NONE tcp_syn_ack_tsval = NONE tcp_syn_ack_tsecr = NONE #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <128 smb_lanman = NT LAN Manager 4.0 smb_nativeos = Windows NT 4.0 } fingerprint { OS_ID = "Microsoft Windows NT 4 Server Service Pack 1" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 30 July 2002 #Modified: 11 July 2003 #Module A icmp_echo_reply = y icmp_echo_code = 0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <128 #Module B icmp_timestamp_reply = n icmp_timestamp_reply_ttl = <128 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = y icmp_addrmask_reply_ttl = <128 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <128 icmp_info_reply_ip_id = !0 #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <128 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <128 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 8760 tcp_syn_ack_options_order = "MSS" tcp_syn_ack_wscale = NONE tcp_syn_ack_tsval = NONE tcp_syn_ack_tsecr = NONE #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <128 smb_lanman = NT LAN Manager 4.0 smb_nativeos = Windows NT 4.0 } fingerprint { OS_ID = "Microsoft Windows NT 4 Server" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 30 July 2002 #Modified: 11 July 2003 #Module A icmp_echo_reply = y icmp_echo_code = 0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <128 #Module B icmp_timestamp_reply = n icmp_timestamp_reply_ttl = <128 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = y icmp_addrmask_reply_ttl = <128 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <128 icmp_info_reply_ip_id = !0 #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <128 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <128 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 8760 tcp_syn_ack_options_order = "MSS" tcp_syn_ack_wscale = NONE tcp_syn_ack_tsval = NONE tcp_syn_ack_tsecr = NONE #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <128 smb_lanman = NT LAN Manager 4.0 smb_nativeos = Windows NT 4.0 } fingerprint { OS_ID = "Microsoft Windows NT 4 Workstation Service Pack 6a" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 30 July 2002 #Modified: 05 July 2003 #Module A icmp_echo_reply = y icmp_echo_code = 0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <128 #Module B icmp_timestamp_reply = n icmp_timestamp_reply_ttl = <128 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <128 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <128 icmp_info_reply_ip_id = !0 #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <128 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <128 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 8760 tcp_syn_ack_options_order = "MSS" tcp_syn_ack_wscale = NONE tcp_syn_ack_tsval = NONE tcp_syn_ack_tsecr = NONE #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <128 smb_lanman = NT LAN Manager 4.0 smb_nativeos = Windows NT 4.0 } fingerprint { OS_ID = "Microsoft Windows NT 4 Workstation Service Pack 5" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 30 July 2002 #Modified: 05 July 2003 #Module A icmp_echo_reply = y icmp_echo_code = 0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <128 #Module B icmp_timestamp_reply = n icmp_timestamp_reply_ttl = <128 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <128 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <128 icmp_info_reply_ip_id = !0 #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <128 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <128 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 8760 tcp_syn_ack_options_order = "MSS" tcp_syn_ack_wscale = NONE tcp_syn_ack_tsval = NONE tcp_syn_ack_tsecr = NONE #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <128 smb_lanman = NT LAN Manager 4.0 smb_nativeos = Windows NT 4.0 } fingerprint { OS_ID = "Microsoft Windows NT 4 Workstation Service Pack 4" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 30 July 2002 #Modified: 05 July 2003 #Module A icmp_echo_reply = y icmp_echo_code = 0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <128 #Module B icmp_timestamp_reply = n icmp_timestamp_reply_ttl = <128 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <128 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <128 icmp_info_reply_ip_id = !0 #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <128 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <128 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 8760 tcp_syn_ack_options_order = "MSS" tcp_syn_ack_wscale = NONE tcp_syn_ack_tsval = NONE tcp_syn_ack_tsecr = NONE #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <128 smb_lanman = NT LAN Manager 4.0 smb_nativeos = Windows NT 4.0 } fingerprint { OS_ID = "Microsoft Windows NT 4 Workstation Service Pack 3" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 30 July 2002 #Modified: 05 July 2003 #Module A icmp_echo_reply = y icmp_echo_code = 0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <128 #Module B icmp_timestamp_reply = n icmp_timestamp_reply_ttl = <128 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = y icmp_addrmask_reply_ttl = <128 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <128 icmp_info_reply_ip_id = !0 #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <128 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <128 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 8760 tcp_syn_ack_options_order = "MSS" tcp_syn_ack_wscale = NONE tcp_syn_ack_tsval = NONE tcp_syn_ack_tsecr = NONE #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <128 smb_lanman = NT LAN Manager 4.0 smb_nativeos = Windows NT 4.0 } fingerprint { OS_ID = "Microsoft Windows NT 4 Workstation Service Pack 2" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 30 July 2002 #Modified: 05 July 2003 #Module A icmp_echo_reply = y icmp_echo_code = 0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <128 #Module B icmp_timestamp_reply = n icmp_timestamp_reply_ttl = <128 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = y icmp_addrmask_reply_ttl = <128 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <128 icmp_info_reply_ip_id = !0 #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <128 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <128 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 8760 tcp_syn_ack_options_order = "MSS" tcp_syn_ack_wscale = NONE tcp_syn_ack_tsval = NONE tcp_syn_ack_tsecr = NONE #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <128 smb_lanman = NT LAN Manager 4.0 smb_nativeos = Windows NT 4.0 } fingerprint { OS_ID = "Microsoft Windows NT 4 Workstation Service Pack 1" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 30 July 2002 #Modified: 05 July 2003 #Module A icmp_echo_reply = y icmp_echo_code = 0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <128 #Module B icmp_timestamp_reply = n icmp_timestamp_reply_ttl = <128 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = y icmp_addrmask_reply_ttl = <128 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <128 icmp_info_reply_ip_id = !0 #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <128 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <128 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 8760 tcp_syn_ack_options_order = "MSS" tcp_syn_ack_wscale = NONE tcp_syn_ack_tsval = NONE tcp_syn_ack_tsecr = NONE #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <128 smb_lanman = NT LAN Manager 4.0 smb_nativeos = Windows NT 4.0 } fingerprint { OS_ID = "Microsoft Windows NT 4 Workstation" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 30 July 2002 #Modified: 05 July 2003 #Module A icmp_echo_reply = y icmp_echo_code = 0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <128 #Module B icmp_timestamp_reply = n icmp_timestamp_reply_ttl = <128 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = y icmp_addrmask_reply_ttl = <128 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <128 icmp_info_reply_ip_id = !0 #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <128 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <128 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 8760 tcp_syn_ack_options_order = "MSS" tcp_syn_ack_wscale = NONE tcp_syn_ack_tsval = NONE tcp_syn_ack_tsecr = NONE #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <128 smb_lanman = NT LAN Manager 4.0 smb_nativeos = Windows NT 4.0 } fingerprint { OS_ID = "Microsoft Windows 98 Second Edition (SE)" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 29 July 2002 #Modified: 05 July 2003 #Module A [ICMP ECHO Probe] icmp_echo_reply = y icmp_echo_code = 0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <128 #Module B [ICMP Timestamp Probe] icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <128 icmp_timestamp_reply_ip_id = !0 #Module C [ICMP Address Mask Request Probe] icmp_addrmask_reply = y icmp_addrmask_reply_ttl = <128 icmp_addrmask_reply_ip_id = !0 #Module D [ICMP Information Request Probe] icmp_info_reply = n icmp_info_reply_ttl = <128 icmp_info_reply_ip_id = !0 #Module E [UDP -> ICMP Unreachable probe] #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <128 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <128 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 8760 tcp_syn_ack_options_order = "MSS NOP NOP SACK" tcp_syn_ack_wscale = NONE tcp_syn_ack_tsval = NONE tcp_syn_ack_tsecr = NONE #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <128 } fingerprint { OS_ID = "Microsoft Windows 98" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 29 July 2002 #Modified: 14 July 2003 #Module A [ICMP ECHO Probe] icmp_echo_reply = y icmp_echo_code = 0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <128 #Module B [ICMP Timestamp Probe] icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <128 icmp_timestamp_reply_ip_id = !0 #Module C [ICMP Address Mask Request Probe] icmp_addrmask_reply = y icmp_addrmask_reply_ttl = <128 icmp_addrmask_reply_ip_id = !0 #Module D [ICMP Information Request Probe] icmp_info_reply = n icmp_info_reply_ttl = <128 icmp_info_reply_ip_id = !0 #Module E [UDP -> ICMP Unreachable probe] #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <128 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <128 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 8760 tcp_syn_ack_options_order = "MSS NOP NOP SACK" tcp_syn_ack_wscale = NONE tcp_syn_ack_tsval = NONE tcp_syn_ack_tsecr = NONE #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <128 } fingerprint { OS_ID = "Microsoft Windows 95" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 05 July 2003 #Modified: 05 July 2003 #Module A [ICMP ECHO Probe] icmp_echo_reply = y icmp_echo_code = 0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <32 #Module B [ICMP Timestamp Probe] icmp_timestamp_reply = n icmp_timestamp_reply_ttl = <32 icmp_timestamp_reply_ip_id = !0 #Module C [ICMP Address Mask Request Probe] icmp_addrmask_reply = y icmp_addrmask_reply_ttl = <32 icmp_addrmask_reply_ip_id = !0 #Module D [ICMP Information Request Probe] icmp_info_reply = n icmp_info_reply_ttl = <32 icmp_info_reply_ip_id = !0 #Module E [UDP -> ICMP Unreachable probe] #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <32 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <32 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 8760 tcp_syn_ack_options_order = "MSS" tcp_syn_ack_wscale = NONE tcp_syn_ack_tsval = NONE tcp_syn_ack_tsecr = NONE #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <32 } #NetBSD fingerprint { OS_ID = "NetBSD 2.0" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 14 December 2004 #Modified: - #Module A icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 0 icmp_echo_reply_ttl = <255 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <255 icmp_info_reply_ip_id = !0 #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 32768 tcp_syn_ack_options_order = "MSS NOP WSCALE NOP NOP TIMESTAMP" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = 0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <64 } fingerprint { OS_ID = "NetBSD 1.6.2" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 14 December 2004 #Modified: - #Module A icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 0 icmp_echo_reply_ttl = <255 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <255 icmp_info_reply_ip_id = !0 #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 0 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 16384 tcp_syn_ack_options_order = "MSS NOP WSCALE NOP NOP TIMESTAMP" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = 0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <64 } fingerprint { OS_ID = "NetBSD 1.6.1" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 11 August 2002 #Modified: 06 July 2003 #Module A icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 0 icmp_echo_reply_ttl = <255 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <255 icmp_info_reply_ip_id = !0 #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 0 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 16384 tcp_syn_ack_options_order = "MSS NOP WSCALE NOP NOP TIMESTAMP" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = 0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <64 } fingerprint { OS_ID = "NetBSD 1.6" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 11 August 2002 #Modified: 06 July 2003 #Module A icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 0 icmp_echo_reply_ttl = <255 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <255 icmp_info_reply_ip_id = !0 #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 0 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 16384 tcp_syn_ack_options_order = "MSS NOP WSCALE NOP NOP TIMESTAMP" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = 0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <64 } fingerprint { OS_ID = "NetBSD 1.5.3" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 11 August 2002 #Modified: 06 July 2003 #Module A icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <255 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <255 icmp_info_reply_ip_id = !0 #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 0 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 16384 tcp_syn_ack_options_order = "MSS NOP WSCALE NOP NOP TIMESTAMP" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <64 } fingerprint { OS_ID = "NetBSD 1.5.2" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 11 August 2002 #Modified: 06 July 2003 #Module A icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <255 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <255 icmp_info_reply_ip_id = !0 #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 0 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 16384 tcp_syn_ack_options_order = "MSS NOP WSCALE NOP NOP TIMESTAMP" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <64 } fingerprint { OS_ID = "NetBSD 1.5.1" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 11 August 2002 #Modified: 06 July 2003 #Module A icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <255 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <255 icmp_info_reply_ip_id = !0 #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 0 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 16384 tcp_syn_ack_options_order = "MSS NOP WSCALE NOP NOP TIMESTAMP" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <64 } fingerprint { OS_ID = "NetBSD 1.5" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 11 August 2002 #Modified: 06 July 2003 #Module A icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <255 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <255 icmp_info_reply_ip_id = !0 #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 0 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 16384 tcp_syn_ack_options_order = "MSS NOP WSCALE NOP NOP TIMESTAMP" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <64 } fingerprint { OS_ID = "NetBSD 1.4.3" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 11 July 2003 #Modified: 11 July 2003 #Module A icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <255 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <255 icmp_info_reply_ip_id = !0 #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 0 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 16384 tcp_syn_ack_options_order = "MSS NOP WSCALE NOP NOP TIMESTAMP" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <64 } fingerprint { OS_ID = "NetBSD 1.4.2" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 11 July 2003 #Modified: 11 July 2003 #Module A icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <255 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <255 icmp_info_reply_ip_id = !0 #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 0 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 16384 tcp_syn_ack_options_order = "MSS NOP WSCALE NOP NOP TIMESTAMP" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <64 } fingerprint { OS_ID = "NetBSD 1.4.1" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 11 July 2003 #Modified: 11 July 2003 #Module A icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <255 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <255 icmp_info_reply_ip_id = !0 #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 0 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 16384 tcp_syn_ack_options_order = "MSS NOP WSCALE NOP NOP TIMESTAMP" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <64 } fingerprint { OS_ID = "NetBSD 1.4" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 11 July 2003 #Modified: 11 July 2003 #Module A icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <255 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <255 icmp_info_reply_ip_id = !0 #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 0 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 16384 tcp_syn_ack_options_order = "MSS NOP WSCALE NOP NOP TIMESTAMP" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <64 } fingerprint { OS_ID = "NetBSD 1.3.3" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 11 July 2003 #Modified: 11 July 2003 #Module A icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <255 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <255 icmp_info_reply_ip_id = !0 #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 1 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = 0 icmp_unreach_echoed_ip_cksum = 0 icmp_unreach_echoed_ip_id = FLIPPED icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = FLIPPED #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 0 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 16384 tcp_syn_ack_options_order = "MSS NOP WSCALE NOP NOP TIMESTAMP" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <64 } fingerprint { OS_ID = "NetBSD 1.3.2" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 12 July 2003 #Modified: 12 July 2003 #Module A icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <255 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <255 icmp_info_reply_ip_id = !0 #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 1 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = 0 icmp_unreach_echoed_ip_cksum = 0 icmp_unreach_echoed_ip_id = FLIPPED icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = FLIPPED #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 0 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 16384 tcp_syn_ack_options_order = "MSS NOP WSCALE NOP NOP TIMESTAMP" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <64 } fingerprint { OS_ID = "NetBSD 1.3.1" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 12 July 2003 #Modified: 12 July 2003 #Module A icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <255 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <255 icmp_info_reply_ip_id = !0 #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 1 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = 0 icmp_unreach_echoed_ip_cksum = 0 icmp_unreach_echoed_ip_id = FLIPPED icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = FLIPPED #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 0 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 16384 tcp_syn_ack_options_order = "MSS NOP WSCALE NOP NOP TIMESTAMP" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <64 } fingerprint { OS_ID = "NetBSD 1.3" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 12 July 2003 #Modified: 12 July 2003 #Module A icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <255 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <255 icmp_info_reply_ip_id = !0 #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 1 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = 0 icmp_unreach_echoed_ip_cksum = 0 icmp_unreach_echoed_ip_id = FLIPPED icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = FLIPPED #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 0 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 16384 tcp_syn_ack_options_order = "MSS NOP WSCALE NOP NOP TIMESTAMP" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <64 } #OpenBSD fingerprint { OS_ID = "OpenBSD 3.7" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 15 December 2004 #Modified: - #Module A icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <255 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <255 icmp_info_reply_ip_id = !0 #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN | ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 16384 tcp_syn_ack_options_order = "MSS NOP NOP SACK NOP WSCALE NOP NOP TIMESTAMP" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 1 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = R tcp_rst_ttl = <64 } fingerprint { OS_ID = "OpenBSD 3.6" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 15 December 2004 #Modified: - #Module A icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <255 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <255 icmp_info_reply_ip_id = !0 #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN | ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 16384 tcp_syn_ack_options_order = "MSS NOP NOP SACK NOP WSCALE NOP NOP TIMESTAMP" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 1 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = R tcp_rst_ttl = <64 } fingerprint { OS_ID = "OpenBSD 3.5" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 14 December 2004 #Modified: - #Module A icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <255 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <255 icmp_info_reply_ip_id = !0 #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN | ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 16384 tcp_syn_ack_options_order = "MSS NOP NOP SACK NOP WSCALE NOP NOP TIMESTAMP" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 1 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = R tcp_rst_ttl = <64 } fingerprint { OS_ID = "OpenBSD 3.4" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 14 December 2004 #Modified: - #Module A icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <255 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <255 icmp_info_reply_ip_id = !0 #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN | ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 17376 tcp_syn_ack_options_order = "MSS NOP NOP SACK NOP WSCALE NOP NOP TIMESTAMP" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 1 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = R tcp_rst_ttl = <64 } fingerprint { OS_ID = "OpenBSD 3.3" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 07 June 2003 #Modified: 11 July 2003 #Module A icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <255 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <255 icmp_info_reply_ip_id = !0 #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = BAD icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = <20 icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN | ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 17376 tcp_syn_ack_options_order = "MSS NOP NOP SACK NOP WSCALE NOP NOP TIMESTAMP" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 1 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = R tcp_rst_ttl = <64 } fingerprint { OS_ID = "OpenBSD 3.2" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 06 April 2003 #Modified: 11 July 2003 #Module A icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <255 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <255 icmp_info_reply_ip_id = !0 #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = BAD icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = <20 icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN | ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 17376 tcp_syn_ack_options_order = "MSS NOP NOP SACK NOP WSCALE NOP NOP TIMESTAMP" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 1 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = R tcp_rst_ttl = <64 } fingerprint { OS_ID = "OpenBSD 3.1" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 24 August 2002 #Modified: 11 July 2003 #Module A icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <255 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <255 icmp_info_reply_ip_id = !0 #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = BAD icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = <20 icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN | ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 17376 tcp_syn_ack_options_order = "MSS NOP NOP SACK NOP WSCALE NOP NOP TIMESTAMP" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 1 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = R tcp_rst_ttl = <64 } fingerprint { OS_ID = "OpenBSD 3.0" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 11 August 2002 #Modified: 11 July 2003 #Module A icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <255 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <255 icmp_info_reply_ip_id = !0 #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = BAD icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = <20 icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN | ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 17376 tcp_syn_ack_options_order = "MSS NOP NOP SACK NOP WSCALE NOP NOP TIMESTAMP" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 1 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = R tcp_rst_ttl = <64 } fingerprint { OS_ID = "OpenBSD 2.9" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 11 August 2002 #Modified: 12 July 2003 #Module A icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <255 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <255 icmp_info_reply_ip_id = !0 #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = <20 icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN | ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 17376 tcp_syn_ack_options_order = "MSS NOP NOP SACK NOP WSCALE NOP NOP TIMESTAMP" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 1 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = R tcp_rst_ttl = <64 } fingerprint { OS_ID = "OpenBSD 2.8" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 11 August 2002 #Modified: 12 July 2003 #Module A icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <255 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <255 icmp_info_reply_ip_id = !0 #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = <20 icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN | ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 0 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 17376 tcp_syn_ack_options_order = "MSS NOP NOP SACK NOP WSCALE NOP NOP TIMESTAMP" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = R tcp_rst_ttl = <64 } fingerprint { OS_ID = "OpenBSD 2.7" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 11 August 2002 #Modified: 12 July 2003 #Module A icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <255 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <255 icmp_info_reply_ip_id = !0 #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = <20 icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN | ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 0 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 17376 tcp_syn_ack_options_order = "MSS NOP NOP SACK NOP WSCALE NOP NOP TIMESTAMP" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = R tcp_rst_ttl = <64 } fingerprint { OS_ID = "OpenBSD 2.6" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 11 August 2002 #Modified: 12 July 2003 #Module A icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <255 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <255 icmp_info_reply_ip_id = !0 #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = <20 icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN | ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 0 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 17376 tcp_syn_ack_options_order = "MSS NOP WSCALE NOP NOP TIMESTAMP" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = R tcp_rst_ttl = <64 } fingerprint { OS_ID = "OpenBSD 2.5" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 11 August 2002 #Modified: 12 July 2003 #Module A icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <255 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <255 icmp_info_reply_ip_id = !0 #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 0 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN | ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 0 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 17376 tcp_syn_ack_options_order = "MSS NOP WSCALE NOP NOP TIMESTAMP" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = R tcp_rst_ttl = <64 } fingerprint { OS_ID = "OpenBSD 2.4" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 12 July 2003 #Modified: 12 July 2003 #Module A icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <255 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = n icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <255 icmp_info_reply_ip_id = !0 #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 8 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 1 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = 0 icmp_unreach_echoed_ip_cksum = 0 icmp_unreach_echoed_ip_id = FLIPPED icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = FLIPPED #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN | ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 0 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <64 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 17520 tcp_syn_ack_options_order = "MSS NOP WSCALE NOP NOP TIMESTAMP" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 0 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <64 } #Sun Solaris fingerprint { OS_ID = "Sun Solaris 10 (SunOS 5.10)" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 16 December 2004 #Modified: #Module A icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <255 #Module B icmp_timestamp_reply = n icmp_timestamp_reply_ttl = <255 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = y icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <255 icmp_info_reply_ip_id = !0 #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 64 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 1 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN | ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <60 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 49232 tcp_syn_ack_options_order = "NOP NOP TIMESTAMP MSS NOP WSCALE NOP NOP SACK" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 1 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <64 } fingerprint { OS_ID = "Sun Solaris 9 (SunOS 5.9)" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 08 September 2002 #Modified: 30 June 2003 #Module A icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <255 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = y icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <255 icmp_info_reply_ip_id = !0 #Module E #IP_Header_of_the_UDP_Port_Unreachable_error_message icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 64 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 1 icmp_unreach_ip_id = !0 #Original_data_echoed_with_the_UDP_Port_Unreachable_error_message icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN | ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <60 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 49232 tcp_syn_ack_options_order = "NOP NOP TIMESTAMP MSS NOP WSCALE NOP NOP SACK" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 1 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <64 } fingerprint { OS_ID = "Sun Solaris 8 (SunOS 2.8)" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry Contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 20 July 2002 #Modified: 01 July 2003 #Module A icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <255 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = y icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <255 icmp_info_reply_ip_id = !0 #Module E icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 64 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 1 icmp_unreach_ip_id = !0 icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN | ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <60 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 24616 tcp_syn_ack_options_order = "NOP NOP TIMESTAMP NOP WSCALE NOP NOP SACK MSS" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 1 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <64 } fingerprint { OS_ID = "Sun Solaris 7 (SunOS 2.7)" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry Contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 20 July 2002 #Modified: 01 July 2003 #Module A icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <255 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = y icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <255 icmp_info_reply_ip_id = !0 #Module E icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 64 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 1 icmp_unreach_ip_id = !0 icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN | ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <255 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 10136 tcp_syn_ack_options_order = "NOP NOP TIMESTAMP NOP WSCALE NOP NOP SACK MSS" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 1 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <64 } fingerprint { OS_ID = "Sun Solaris 6 (SunOS 2.6)" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry Contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 20 July 2002 #Modified: 30 June 2003 #Module A icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <255 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = y icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <255 icmp_info_reply_ip_id = !0 #Module E icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 64 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 1 icmp_unreach_ip_id = !0 icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN | ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <255 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 10136 tcp_syn_ack_options_order = "NOP NOP TIMESTAMP NOP WSCALE MSS" tcp_syn_ack_wscale = 0 tcp_syn_ack_tsval = !0 tcp_syn_ack_tsecr = !0 #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 1 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <64 } fingerprint { OS_ID = "Sun Solaris 2.5.1" #Entry inserted to the database by: Ofir Arkin (ofir@sys-security.com) #Entry Contributed by: Ofir Arkin (ofir@sys-security.com) #Date: 23 July 2003 #Modified: 23 July 2003 #Module A icmp_echo_reply = y icmp_echo_code = !0 icmp_echo_ip_id = !0 icmp_echo_tos_bits = !0 icmp_echo_df_bit = 1 icmp_echo_reply_ttl = <255 #Module B icmp_timestamp_reply = y icmp_timestamp_reply_ttl = <255 icmp_timestamp_reply_ip_id = !0 #Module C icmp_addrmask_reply = y icmp_addrmask_reply_ttl = <255 icmp_addrmask_reply_ip_id = !0 #Module D icmp_info_reply = n icmp_info_reply_ttl = <255 icmp_info_reply_ip_id = !0 #Module E icmp_unreach_reply = y icmp_unreach_echoed_dtsize = 64 icmp_unreach_reply_ttl = <255 icmp_unreach_precedence_bits = 0 icmp_unreach_df_bit = 1 icmp_unreach_ip_id = !0 icmp_unreach_echoed_udp_cksum = OK icmp_unreach_echoed_ip_cksum = OK icmp_unreach_echoed_ip_id = OK icmp_unreach_echoed_total_len = OK icmp_unreach_echoed_3bit_flags = OK #Module F [TCP SYN | ACK Module] #IP header of the TCP SYN | ACK tcp_syn_ack_tos = 0 tcp_syn_ack_df = 1 tcp_syn_ack_ip_id = !0 tcp_syn_ack_ttl = <255 #Information from the TCP header tcp_syn_ack_ack = 1 tcp_syn_ack_window_size = 8760 tcp_syn_ack_options_order = "MSS" tcp_syn_ack_wscale = NONE tcp_syn_ack_tsval = NONE tcp_syn_ack_tsecr = NONE #Module G [TCP RST|ACK] tcp_rst_reply = y tcp_rst_df = 1 tcp_rst_ip_id_1 = !0 tcp_rst_ip_id_2 = !0 tcp_rst_ip_id_strategy = I tcp_rst_ttl = <64 }