Hi Just did a little hack on logic_tree.c in order to identify IBM OS/400. Without this, xprobe would identify OS/400 boxes as "Novell (FreeBSD 4.3-current(?)". Main differences between Novell and OS/400: - TTL is 128 for Novell and 64 for OS/400 - OS/400, as opposite to Novell, replies to ICMP Timestamp queries - Every reply from OS/400 (echo or tstamp) is marked with TOS=32 I used the latter approach, since TTL can be deceptive with boxes many hops away and Timestamp would require a new packet to be issued. Use at your own risk :) [root@brutus xprobe-0.0.2]# diff logic_tree.c ../xprobe-0.0.2patched/logic_tree.c 226a227,233 > if (icmpecho_res->ip->ip_tos == 0x20) { > tree_message("TOS 32"); > fin_message("IBM OS/400"); > free_res(&icmpecho_res); > free_res(&udp_res); > return 38; > } else { 230a238 > } -- Fernando Cardoso - Security Consultant WhatEverNet Computing, S.A. Phone : +351 21 7994200 Praca de Alvalade, 6 - Piso 6 Fax : +351 21 7994242 1700-036 Lisboa - Portugal email : fernando.cardosoat_private http://www.whatevernet.com/ _____________________________________________________________________ INTERNET MAIL FOOTER A presente mensagem pode conter informação considerada confidencial. Se o receptor desta mensagem não for o destinatário indicado, fica expressamente proibido de copiar ou endereçar a mensagem a terceiros. Em tal situação, o receptor deverá destruir a presente mensagem e por gentileza informar o emissor de tal facto. --------------------------------------------------------------------- Privileged or confidential information may be contained in this message. If you are not the addressee indicated in this message, you may not copy or deliver this message to anyone. In such case, you should destroy this message and kindly notify the sender by reply email. --------------------------------------------------------------------- ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Thu Oct 25 2001 - 08:08:53 PDT