Cisco switch SG350 recognized OS as Windows

Hello,

I ran into a wrongly recognized OS on a Cisco SG350 switch, which was marked as Windows. As a result, a few vulnerabilities were applied to it which were false positives. The highest is “OpenSSH Multiple Vulnerabilities Jan17 (Windows)” on port 22. I'm not sure what can cause this behavior, but my nmap -O -v gives me:

OS fingerprint not ideal because: Host distance (7 network hops) is greater than five
No OS matches for host
Network Distance: 7 hops

My question is: how can I force a suggested OS for a single IP?

Thanks for any suggestions.

I dug deeper into this OS fingerprint result via Nmap, which is probably used in the Greenbone scan.

I need to specify more Nmap switches in the scan settings to prevent OS guesses with irrelevant results.

I need to add “nmap -sV -O -T5” to use these switches permanently.

Is the Nmap feature hardcoded? Or how can I achieve these changes?

Thanks for any suggestions.

I found this option - Scan Config NVT Ping Host - where the Nmap timing policy is defined.

For me it would be sufficient to change it to “Insane”, which means -T5 in the Nmap command.

| | T0 | T1 | T2 | T3 | T4 | T5 |
|---|---|---|---|---|---|---|
| Name | Paranoid | Sneaky | Polite | Normal | Aggressive | Insane |
| min-rtt-timeout | 100 | 100 | 100 | 100 | 100 | 50 |
| max-rtt-timeout | 300,000 | 15,000 | 10,000 | 10,000 | 1,250 | 300 |
| initial-rtt-timeout | 300,000 | 15,000 | 1,000 | 1,000 | 500 | 250 |
| max-retries | 10 | 10 | 10 | 10 | 6 | 2 |
| Initial (and minimum) scan delay (--scan-delay) | 300,000 | 15,000 | 400 | 0 | 0 | 0 |
| Maximum TCP scan delay | 300,000 | 15,000 | 1,000 | 1,000 | 10 | 5 |
| Maximum UDP scan delay | 300,000 | 15,000 | 1,000 | 1,000 | 1,000 | 1,000 |
| host-timeout | 0 | 0 | 0 | 0 | 0 | 900,000 |
| min-parallelism | Dynamic, not affected by timing templates | | | | | |
| max-parallelism | 1 | 1 | 1 | Dynamic | Dynamic | Dynamic |
| min-hostgroup | Dynamic, not affected by timing templates | | | | | |
| max-hostgroup | Dynamic, not affected by timing templates | | | | | |
| min-rate | No minimum rate limit | | | | | |
| max-rate | No maximum rate limit | | | | | |
| defeat-rst-ratelimit | Not enabled by default | | | | | |

For anyone facing the same behavior regarding wrong OS detection, this should be an easy workaround to refine the test.


Very cool @heewey, I’m glad you got it working and thank you for sharing the solution. :slight_smile:
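
The triage step this thread implies, as an added example that is not part of the original posts and is not Greenbone code: it reads `nmap -O -v` output, decides whether the OS result can be trusted, and lists findings whose name is tied to an OS that nmap does not confirm. The host address, the second finding, the function names and the list of OS tags are assumptions made for illustration.

```python
import re

# Constructed input: the nmap -O -v lines quoted in the first post.
NMAP_OUTPUT = """\
OS fingerprint not ideal because: Host distance (7 network hops) is greater than five
No OS matches for host
Network Distance: 7 hops
"""
# Constructed findings; 192.0.2.10 and the second entry are placeholders.
FINDINGS = [
    {"host": "192.0.2.10", "port": 22,
     "nvt": "OpenSSH Multiple Vulnerabilities Jan17 (Windows)"},
    {"host": "192.0.2.10", "port": 22, "nvt": "Constructed OS-independent check"},
]
# Assumption: OS-specific checks end in a tag like the "(Windows)" seen above.
OS_TAG = re.compile(r"\((Windows|Linux)\)\s*$")


def os_detection_status(nmap_text):
    """Summarise whether nmap's OS detection result can be trusted."""
    status = {"reliable": True, "reasons": [], "hops": None, "guess": ""}
    for line in map(str.strip, nmap_text.splitlines()):
        if line.startswith("OS fingerprint not ideal because:"):
            status["reliable"] = False
            status["reasons"].append(line.split(":", 1)[1].strip())
        elif line.startswith(("No OS matches", "No exact OS matches")):
            status["reliable"] = False
            status["reasons"].append(line)
        elif line.startswith("Network Distance:"):
            status["hops"] = int(re.search(r"\d+", line).group())
        elif line.startswith("OS details:"):
            status["guess"] = line.split(":", 1)[1].strip()
    return status


def suspect_findings(findings, status_by_host):
    """Return OS-specific findings that nmap's evidence does not back up."""
    suspects = []
    for finding in findings:
        tag = OS_TAG.search(finding["nvt"])
        if tag is None:
            continue  # not tied to an OS, nothing to cross-check
        status = status_by_host.get(finding["host"])
        confirmed = (status is not None and status["reliable"]
                     and tag.group(1).lower() in status["guess"].lower())
        if not confirmed:
            suspects.append(finding)
    return suspects
```

Findings returned by `suspect_findings` are candidates for manual review as false positives, not confirmed ones.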