Re: New Nmap vs SinFP benchmark

I have read a few of the other responses to this thread and have to say
I was a a little surprised...

I have not had a chance to put 4.2x though it's paces... only internal
stuff so far, but from what I had read I thought 4.2x was supposed to
handle NAT and proxy stuff better.

Especially if it was a 1->1 NAT not a 1->many.  I am surprised it would
respond saying it did not know the finger print and give the option to
submit a finger print.  Either the fingerprint info would not be valid
or only valid in that one case or we need to be submitting a bunch of
NATed fingerprints and I am sure that is not wanted.

Much of the world uses NAT as an additional form of a firewall even 1-1
Nat 1.2.3.4 -> 5.6.7.8. (I am not saying it enhances security that much
but I know people using it...)

I read about the possible -sQ option mentioned, but I don't think that
does what most would be after.  The basic ability to say what is sitting
on the other side of a NATed box and what the firewall/proxy/router is
doing in between.

I think tests like these no matter how debated certain parts may be can
be good to show where improvements may need to be made.  In some cases
improvements the program or in other cases improvements in the
documentation (if the tester can't figure it out maybe a better
description is needed for all).

Alan





GomoR wrote:
> Hi,
>
> I told the author to re-test using latest Nmap, and here 
> are the results:
>
> http://www.phocean.net/index.php/post/2006/12/24/Updated-%3A-SinFP-205-and-Nmap-420
>
> Best regards,
>
>   

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org