1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
|
# Highly b0gus Fingerprints:
# Fingerprints for Source_IP (sender)
# Format:
# icmp_type:icmp_code:initial_ttl:dont_fragment:ip_options:ip_length:ip_flags:fragment_offset:ip-TOS
# fragment_offset is there for testing at the moment.
# Do we need anything else?
# Some more info:
# http://en.wikipedia.org/wiki/Internet_Control_Message_Protocol
# http://phrack.org/issues.html?issue=57&id=7#article
#
# icmp_type: 0 Echo Reply, 3 Destination Unreachable, 8 Echo request...
# icmp_code: Undercode for type 3,5,11,12
# Example: type3,code9 = Destination Unreachable,Network administratively prohibited
# Supports wildcarding on all fields, etc: *:*:*:*:*:*:*:*:@SomeOS:1.1
# Example: 3:3:64:0:.:*:0:0:@Linux:2.6
#### Linux
# Echo request (8)
8:0:64:1:.:84:2:0:0:@Linux:2.6
8:0:64:1:.:28:2:0:0:@Linux:2.6 fedora
#8:0:64:1:.:48:2:0:*:?:?
# PWS - Panter Web Server? panthercdn.com
8:0:32:0:.:28:0:0:0:@Linux:PWS 1.4.20/21
8:0:32:0:.:28:0:0:128:@Linux:PWS 1.4.22
# Echo reply (0)
#0:0:64:0:.:*:0:0:*:@Linux:2.6
0:0:64:0:.:84:0:0:0:@Linux:2.6 (Pinged by @Linux)
0:0:64:0:.:61:0:0:0:@Linux:2.6 (Pinged by @Windows)
0:0:64:0:.:60:0:0:0:@Linux:2.6 (Pinged by Vista (SP2))
0:0:64:0:.:28:0:0:0:@Linux:2.6 (Pinged by nmap)
0:0:64:0:.:64:0:0:0:@Linux:2.6 (Pinged by Superscan?)
# Destination Unreachable (3)
#3:10:64:0:.:88:0:0:0:@Linux:2.6 fedora
3:10:64:0:.:*:0:0:0:@Linux:2.6 fedora
3:3:64:0:.:*:0:0:192:@Linux:2.6 (3)
3:3:64:0:.:*:0:0:0:Linux:2.6 (newer, 7)
#3:1:64:0:.:134:0:0:0
3:1:64:0:.:*:0:0:192:@Linux:2.6 (1)
3:0:64:0:.:*:0:0:192:@Linux:2.6 (0)
#
11:0:64:0:.:*:0:0:0:@Linux:2.6
#### FreeBSD
# Echo request (8)
8:0:64:0:.:84:0:0:0:@FreeBSD:7
# Echo reply (0)
0:0:64:1:.:84:2:0:0:@FreeBSD:7
# Source Quench (4)
4:0:64:1:.:56:2:0:0:@FreeBSD:Old?
#### OpenBSD
# Echo request (8)
# Echo reply (0)
#0:0:255:1:.:84:2:0:0:@OpenBSD:4
#### Windows
# Echo request (8)
8:0:128:0:.:60:0:0:0:@Windows:XP/Vista
8:0:128:0:.:61:0:0:32:@Windows:122.121.26.114
8:0:32:0:.:92:0:0:0:@Windows:XP/Vista tracert
8:0:32:0:.:60:0:0:0:@Windows:Vista
# Echo reply (0)
0:0:128:1:.:84:2:0:0:@Windows:2000, 2003, XP, Vista, 2008
0:0:64:1:.:84:2:0:0:@Windows:98
#### Solaris
0:0:32:1:.:84:2:0:0:@Sun:Solaris?(Pinged by Linux)
#### HP-UX
8:0:255:0:.:84:0:0:0:@HP:HP-UX
8:0:32:0:.:40:0:0:0:@HP:HP-UX traceroute
# Misc/Wildcards/Others
# Echo request (8)
8:0:128:0:.:61:0:0:0:@Windows:MS?
8:0:64:0:.:28:0:0:0:@nmap:Ping
8:0:64:0:.:64:0:0:0:@F5:Big-IP
8:0:64:0:.:64:0:0:4:@F5:Big-IP
8:0:64:0:.:69:0:0:0:Juniper:NetScreen
8:0:255:0:.:28:0:0:0:@Cisco:7200, Catalyst 3500, etc
#3:13:255:0:.:56:0:0:0:?:?
8:0:128:0:.:64:0:0:0:@Misc:87.238.157.6
# Echo reply (0)
0:0:64:0:.:84:0:0:0:Juniper:NetScreen
0:0:128:0:.:84:0:0:0:@Misc:Firewall
0:0:255:1:.:84:2:0:0:@Misc:Cisco,3com,OpenBSD,Solaris (1)
0:0:255:1:.:84:2:0:4:@Misc:Cisco,3com,OpenBSD,Solaris (2)
0:0:255:0:.:84:0:0:0:@Misc:F5 Big-IP?
#0:0:255:1:.:84:2:0:0:@Cisco:IOS
#0:0:255:1:.:84:2:0:0:@3com:wlan-ruter
#0:0:255:1:.:84:2:0:0:@OpenBSD:4
### UNKNOWN ###
# Echo request (8)
#8:0:64:1:.:84:2:0:0:@Win/Lin:??
#8:0:64:0:.:84:0:0:0:@Misc:??
#8:0:255:0:.:28:0:0:0:@UNKNOWN:??
#8:0:64:0:.:64:0:0:0:@UNKNOWN:??
#8:0:32:0:.:28:0:0:0:@UNKNOWN:??
#8:0:128:1:.:1348:2:0:0:@UNKNOWN:59.163.221.40
#8:0:128:1:.:1428:2:0:0:@UNKNOWN:59.163.221.40
#8:0:128:1:.:1228:2:0:0:@UNKNOWN:59.163.221.40
# Echo reply (0)
#0:0:64:0:.:61:0:0:0:@UNKNOWN:??
#0:0:64:0:.:36:0:0:0:@UNKNOWN:??
#
#11:0:255:0:.:56:0:0:0
#3:13:255:0:.:56:0:0:0
#3:3:255:0:.:88:0:0:192:
#11:0:255:1:.:172:2:0:0
#11:0:64:0:.:96:0:0:0
|
