Comments on: SinFP vs Nmap http://www.computerdefense.org/2006/12/sinfp-vs-nmap/ Sharing my thoughts with the world. Wed, 16 Nov 2011 02:58:20 +0000 hourly 1 http://wordpress.org/?v=3.2.1 By: The Ghost http://www.computerdefense.org/2006/12/sinfp-vs-nmap/comment-page-1/#comment-636 The Ghost Sat, 09 Dec 2006 12:20:50 +0000 http://www.computerdefense.org/?p=169#comment-636 GomoR, i don't see how you can say that SinFP is more accurate in the windows detection. Both SinFP and nmap outputted two choices. SinFP said 2000 or XP, and nmap said XP SP2 or 2003. I would consider nmap to be more accurate since it specifices that it is XP running SP2 or it is 2003. GomoR, i don't see how you can say that SinFP is more accurate in the windows detection. Both SinFP and nmap outputted two choices. SinFP said 2000 or XP, and nmap said XP SP2 or 2003.

I would consider nmap to be more accurate since it specifices that it is XP running SP2 or it is 2003.

]]> By: GomoR http://www.computerdefense.org/2006/12/sinfp-vs-nmap/comment-page-1/#comment-545 GomoR Tue, 05 Dec 2006 10:41:46 +0000 http://www.computerdefense.org/?p=169#comment-545 Hi, thank you for comparing SinFP versus Nmap. Here follows my comments: Concerning Windows detection. In your first tests, SinFP outputed 2000 or XP for a XP SP2 host. Nmap also outputed 2003, so SinFP is more accurate. Concerning your Apache, are you sure it listens on all interfaces, and not only on localhost address ? Concerning your second Windows test (against a fresh XP SP2 install), SinFP outputed 2000 or XP, and Nmap also says it may be an AIX 5.3. So SinFP is more accurate. Concerning the distinction between 2000 and XP, yes, SinFP cannot do that. And Nmap neither. Because they have the same TCP/IP stack. And service packs does not change anything. It Nmap outputs does not match this statement, this is because of Nmap signatures, and how it matches them. Finally, for random hosts, SunOS 4.1.4 is based on an old stack, taken from 4.3BSD sources, so SinFP is right. For AIX 4.3, have you tried with -H ? anyway, I am ready to accept the signature submition. Best regards, GomoR. Hi, thank you for comparing SinFP versus Nmap. Here follows my comments:

Concerning Windows detection. In your first tests, SinFP outputed 2000 or XP for a XP SP2 host. Nmap also outputed 2003, so SinFP is more accurate.

Concerning your Apache, are you sure it listens on all interfaces, and not only on localhost address ?

Concerning your second Windows test (against a fresh XP SP2 install), SinFP outputed 2000 or XP, and Nmap also says it may be an AIX 5.3. So SinFP is more accurate.

Concerning the distinction between 2000 and XP, yes, SinFP cannot do that. And Nmap neither. Because they have the same TCP/IP stack. And service packs does not change anything. It Nmap outputs does not match this statement, this is because of Nmap signatures, and how it matches them.

Finally, for random hosts, SunOS 4.1.4 is based on an old stack, taken from 4.3BSD sources, so SinFP is right. For AIX 4.3, have you tried with -H ? anyway, I am ready to accept the signature submition.

Best regards, GomoR.

]]>