March 18th, 2004, 01:11 AM
ICMP OS Detection Script
Mods: I was unsure of where to post this, whether I should throw it here, or IDS/Scanner Discussions or if it should go in Code Review.... Feel free to move it as you see fit.
Quite a few years back, nmap was still in the early version 2s I believe, I had read Ofir Arkin's original ICMP OS detection paper, and decided I wanted to work on implementing it. I wrote a small OS Detection program, very basic... nowhere near the level of nmap or queso, but it served its purpose, it'd tell you the basics of which operating system the person was running. I used this program and distributed it for a while, but not much ever came of it. Early today, I got an ICQ message from a buddy whom I'd sent the script to back then. He had wiped his Linux box and started over and wanted to know if I still had the script because he used it all the time. After a little searching I found the backed up copies. I sent it to him, and he said he still used it all the time because it wasn't noisy, and it wasn't specific but it gave you an idea of what you were dealing with. With more and more people running firewalls and blocking ICMPs the results are more easily skewed, but it still works decently well. I figured I'd post it up here for some feedback, and if you like it at all, I'll go back into production with it and try and make it a lot more accurate without making it much noisier. It's simply a Linux shell script and requires both ping and sing in order to operate. Hopefully you'll enjoy and give me some feedback.
PS please remember this is very old and needs much work done to it, but I just want feedback on whether or not I should bother to pursue it.
IT Blog: .:Computer Defense:.
(Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".
March 18th, 2004, 05:43 AM
You should go forth and write this program, it will be invaluable to future network administrators.
March 18th, 2004, 06:17 PM
Very interesting. I look forward to trying it out.