Auto-Discovery Detection Accuracy
Posted: Fri Sep 13, 2019 9:02 am
by stf_792
Hello
Nagios XI V 5.6.6
I have not used the Auto Discover feature since v 4.x (2-3 years ago).
My network configuration did not change (at least for the subnet I want to scan).
I am trying it now and noticing strange behavior.
My Windows 2008R2 is detected as a Cisco MDS 9509 switch (NX-OS 4.2).
Server 2012 / 2012R2 are detected as Linksys BEFW11S4 WAP.
One 2008R2 SP1 server is detected as 2008 SP1.
Linux servers and real Cisco equipment are detected properly.
What can I do to bring OS detection accuracy to the same level as it was in 4.x?
Thank you.
Re: Auto-Discovery Detection Accuracy
Posted: Fri Sep 13, 2019 9:53 am
by eloyd
OS detection is based on nmap, which is provided by your system's software repositories. I'd investigate if there's a newer version available for your OS that has better or more complete or updated OS Detection.
Re: Auto-Discovery Detection Accuracy
Posted: Fri Sep 13, 2019 11:46 am
by stf_792
current version 6.47
Code:
#yum update nmap
Loaded plugins: fastestmirror
Determining fastest mirrors
epel/x86_64/metalink | 15 kB 00:00:00
* base: ftpmirror.your.org
* epel: mirror.team-cymru.com
* extras: ftpmirror.your.org
* updates: ftpmirror.your.org
base | 3.6 kB 00:00:00
epel | 5.3 kB 00:00:00
extras | 3.4 kB 00:00:00
nagios-base | 1.5 kB 00:00:00
nagiosxi-deps | 1.5 kB 00:00:00
updates | 3.4 kB 00:00:00
(1/3): epel/x86_64/updateinfo | 1.0 MB 00:00:00
(2/3): nagios-base/primary | 13 kB 00:00:00
(3/3): epel/x86_64/primary_db | 6.8 MB 00:00:00
nagios-base 97/97
No packages marked for update
Re: Auto-Discovery Detection Accuracy
Posted: Fri Sep 13, 2019 1:23 pm
by stf_792
Looks like this is definitely an nmap problem.
Even with the latest database it can't detect Windows with an IIS web server.
Running nmap -v -Pn -O "my server" - Windows 2012 R2
Code:
Device type: WAP|general purpose
Running (JUST GUESSING): Linksys embedded (89%), Linux 2.6.X (85%), HP HP-UX 11.X (85%)
OS CPE: cpe:/h:linksys:befw11s4 cpe:/o:linux:linux_kernel:2.6 cpe:/o:hp:hp-ux:11
Aggressive OS guesses: Linksys BEFW11S4 WAP (89%), Linux 2.6.32 (85%), HP HP-UX B.11.11 - B.11.23 (85%)
No exact OS matches for host (test conditions non-ideal).
Uptime guess: 6.143 days (since Sat Sep 7 08:24:47 2019)
TCP Sequence Prediction: Difficulty=257 (Good luck!)
IP ID Sequence Generation: Incremental
Re: Auto-Discovery Detection Accuracy
Posted: Fri Sep 13, 2019 3:45 pm
by mbellerue
This is going to be affected by the firewall running on Windows. If you have only exactly the ports necessary for operation open to the network (which is a good idea, don't get me wrong), it's going to hamper nmap's ability to guess the OS. I have a Server 2016 R2 domain controller with default firewall rules, sans ICMPv4/6, and nmap guessed the OS to be anything Windows 7 or up, including Windows Phone. Allowing ICMPv4/6 through, nmap was able to narrow the results down to a Windows Server OS 2012 or newer.
So the lesson is that some pretty small changes to a firewall can drastically affect nmap's ability to guess your OS.
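
An added example, not part of the thread and not Nagios XI code: a small triage script that reads nmap -O text output like the sample posted above and decides whether the OS guess should be accepted or checked by hand before an inventory entry is created. The function names, the 95% threshold and the multi-vendor heuristic are assumptions made for this illustration.

```python
import re

# Constructed sample: the `nmap -v -Pn -O` output quoted in the thread above.
SAMPLE = """\
Device type: WAP|general purpose
Running (JUST GUESSING): Linksys embedded (89%), Linux 2.6.X (85%), HP HP-UX 11.X (85%)
OS CPE: cpe:/h:linksys:befw11s4 cpe:/o:linux:linux_kernel:2.6 cpe:/o:hp:hp-ux:11
Aggressive OS guesses: Linksys BEFW11S4 WAP (89%), Linux 2.6.32 (85%), HP HP-UX B.11.11 - B.11.23 (85%)
No exact OS matches for host (test conditions non-ideal).
"""

GUESS = re.compile(r"(.+?)\s+\((\d+)%\)(?:,\s*|$)")  # "name (NN%)" items
CPE = re.compile(r"cpe:/[aho]:([^:\s]+)")            # vendor field of a CPE


def parse_os_report(text):
    """Extract the OS-detection fields from one host's nmap -O text output."""
    rep = {"exact": None, "guesses": [], "vendors": set(), "non_ideal": False}
    for line in map(str.strip, text.splitlines()):
        key, _, value = line.partition(":")
        if key == "OS details":               # printed only on a fingerprint match
            rep["exact"] = value.strip()
        elif key == "Aggressive OS guesses":
            rep["guesses"] = [(m[1], int(m[2])) for m in GUESS.finditer(value.strip())]
        elif key == "OS CPE":
            rep["vendors"] = set(CPE.findall(value))
        if "test conditions non-ideal" in line:
            rep["non_ideal"] = True
    return rep


def assess(rep, min_confidence=95):
    """Return (trusted, reasons). min_confidence is an assumed local threshold."""
    reasons = []
    if rep["exact"] is None:
        reasons.append("no exact fingerprint match")
    if rep["non_ideal"]:
        reasons.append("nmap reported non-ideal test conditions (check host firewall)")
    if rep["guesses"] and rep["guesses"][0][1] < min_confidence:
        name, pct = rep["guesses"][0]
        reasons.append(f"best guess '{name}' is only {pct}%")
    if len(rep["vendors"]) > 1:               # heuristic: unrelated vendors in one result
        reasons.append("guesses span vendors: " + ", ".join(sorted(rep["vendors"])))
    return (not reasons, reasons)


if __name__ == "__main__":
    trusted, reasons = assess(parse_os_report(SAMPLE))
    print("trusted" if trusted else "needs manual review")
    for r in reasons:
        print(" -", r)
```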