Xprobe 0.0.2 Released

From: Ofir Arkin (ofir@sys-security.com)
Date: Wed Oct 24 2001 - 18:10:54 PDT

  • Next message: Cdowns: "Auditing NT and UNIX Webserver Logfiles"

    We would like to announce the availability of Xprobe version 0.0.2.
    You can download our latest version from:
    Written and maintained by Fyodor Yarochkin and Ofir Arkin, Xprobe is an
    Active OS fingerprinting tool based on Ofir Arkin's ICMP Usage in
    Scanning Research project (http://www.sys-security.com).     
    Supported Platforms:
    - Linux Kernel 2.0.x, 2.2.x, 2.4.x
    - FreeBSD 4.x
    - NetBSD 1.4.x, 1.5.x
    - OpenBSD 2.x
    - Sun Solaris 2.x
    - IRIX
    Changes from version 0.0.1p1:
    - Fixed a bug that prevented the correct identification of Microsoft
    Windows ME and Microsoft Windows 98/98SE.
    - A logging option have been added using the -o <file> option you can
    now log the results to a file for further processing.
    - You can now specify a receiving time out using the -t option.
    - Added support for IBM OS/390, SunOS 4.x, and Microsoft Windows XP
    (TCP/IP stack is looking exactly the same as with Microsoft Windows
    2000, with ICMP).
    - Added support for compilation under IRIX.
    - Bugs and Code sweeps were performed.
    - The tool and the man page now carry the name of Xprobe.
    Xprobe is documented in a white paper we released called "X remote ICMP
    based OS fingerprinting techniques" (X is the logic behind the tool),
    available from http://www.sys-security.com/html/projects/X.html.  
    Known Limitations:
    Xprobe 0.0.2 identifies a limited number of operating systems (all
    current operating system included) and networking devices (a full list
    is available in the README file). 
    We are planning to release version 0.1 which will support a signature
    database in the Black Hat Briefings Europe 2001 held in the Krasnapolsky
    Hotel in Amsterdam 21-22 November 2001 (http://www.blackhat.com).  
    How to use:
    See manual for details. A quick hint:
    xprobe [options] hostname[/netmask] (and watch the output).
    available options:
    -h [help]
    -v be verbose
    -i <interface> run on interface (needed if wrong interface is choosen)
    -p <portnum>   use <portnum> udp port for udp probe.
    -o logfile     log everything into a logfile. (default: stderr).
    -t timeout     receive timeout (seconds)
    Fyodor Yarochkin
    Ofir Arkin [ofir@sys-security.com]
    The Sys-Security Group
    PGP CC2C BE53 12C6 C9F2 87B1 B8C6 0DFA CF2D D360 43FA

    This archive was generated by hypermail 2b30 : Wed Oct 24 2001 - 18:19:20 PDT