heewey
November 1, 2021, 1:55pm
1
Hello,
I was faced with the wrongly recognized OS on Cisco switch SG350 which was marked as Windows OS. Therefore was applied a few vulnerabilities which were false positives. The highest is “OpenSSH Multiple Vulnerabilities Jan17 (Windows)” on port 22. I´m not sure which can cause this behavior, but my nmap -O -v give me:
OS fingerprint not ideal because: Host distance (7 network hops) is greater than five
No OS matches for host
Network Distance: 7 hops
My question is how to force for one IP a suggestion of related OS?
Thanks for any suggestions.
heewey
November 3, 2021, 3:00pm
2
I dig deeper into this OS fingerprint result via Nmap, which is probably used in the Greenbone scan.
I need to specify more Nmap switches in scan settings to prevent OS gues with irrelevant results.
I need to add “nmap -sV -O -T5 ” to use these switches permanently.
Is Nmap feature hardcoded? Or how to achieve these changes?
Thanks for any suggestions.
heewey
November 3, 2021, 3:18pm
3
I found this option - Scan Config NVT Ping Host - where is defined Nmap timing policy.
For me would be sufficient to change it to “Insane” which means -T5 in Nmap command.
T0
T1
T2
T3
T4
T5
Name
Paranoid
Sneaky
Polite
Normal
Aggressive
Insane
min-rtt-timeout
100
100
100
100
100
50
max-rtt-timeout
300,000
15,000
10,000
10,000
1,250
300
initial-rtt-timeout
300,000
15,000
1,000
1,000
500
250
max-retries
10
10
10
10
6
2
Initial (and minimum) scan delay (--scan-delay
)
300,000
15,000
400
0
0
0
Maximum TCP scan delay
300,000
15,000
1,000
1,000
10
5
Maximum UDP scan delay
300,000
15,000
1,000
1,000
1,000
1,000
host-timeout
0
0
0
0
0
900,000
min-parallelism
Dynamic, not affected by timing templates
max-parallelism
1
1
1
Dynamic
Dynamic
Dynamic
min-hostgroup
Dynamic, not affected by timing templates
max-hostgroup
Dynamic, not affected by timing templates
min-rate
No minimum rate limit
max-rate
No maximum rate limit
defeat-rst-ratelimit
Not enabled by default
Who is facing the same behavior regarding wrong OS detection, this should be an easy workaround how to refine the test.
1 Like
DeeAnn
November 5, 2021, 9:03am
4
Very cool @heewey , I’m glad you got it working and thank you for sharing the solution.