The xprobe2 development team is pleased to announce the immediate
availability of Xprobe2 v0.2.2. Xprobe2 is a remote active operating
system fingerprinting tool which uses advanced techniques, some which
where first to be introduced with Xprobe2, such as the usage of
statistical analysis ('fuzzy logic') to match between probe response(s)
to its signature database and others, in order to provide with accurate
results regarding the underlying operating system of a probed

Version 0.2.2 fixes a number of bugs and introduces more features:

- Added a new fingerprinting module: TCP RST|ACK
- Added the keywords: 'icmp_echo_reply = [y,n]' and 'icmp_unreach_reply
= [y,n]'
- Added TCP ports for the '-B' command line option which searches for
an opened TCP port for the SYN|ACK module. The TCP ports queried are:
80, 443, 23, 21, 25, 22, 139, 445, 6000. A SYN request will be sent to
a TCP port on the list only if the previous TCP port on the list is
closed or not responding.
- Added a new experimental module for the detection of network
obstacles between the scanning system to the target. The module is used
together with the port scanner, and is enabled with the usage of a the
'-A' command line option.

Changes made to the signature DB:

- The signature DB was updated to reflect the new R|A fingeprinting
module and the new keywords introduces
- Added signature for Linux Kernel 2.6.10
- Added signature for Foundry Networks IronWare based devices versions
07.6.04aT51, 07.7.01eT53
- Added signatures for a number of HP JetDirect Printers

Unique abilities with Xprobe2 v0.2.2:
The ability to distinguish between the following groups of Linux

The new version of xprobe2 can be downloaded from:

SHA-1: 2e32ba37e3e9495c635b8b93887d9a9634f0a54e
MD5: 8eea1406d035827bb8bfeb0536622e1f

The Xprobe2 development team,
Fyodor Yarochkin (fyodor at (nospam) o0o dot nu)
Ofir Arkin (ofir at (nospam) sys-security dot com)
Meder Kydyraliev (meder at (nospam) o0o dot nu)

firewall-wizards mailing list