OS Fingerprinting Question

Answered Question
Jul 2nd, 2010
User Badges:

I've limited OS mapping and APR to a specific set of IPs (my inside network), but I still see outside IP addresses showing up in the list of learned OS.  is this normal?  I tried clearing out the learned OS list, but am still seeing the outside addresses populating.


I've seen this on 7.03(2)E4 and 7.0(3)E4 and on 3 different units (2 AIP-SSM20s and a 4240).


Thanks.

Correct Answer by Scott Fringer about 7 years 3 weeks ago

This is expected behavior - the setting restircts the calculation of the Attack Relevenacy Rating to the configured range, not the actual OS identification process.


Scott

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
Scott Fringer Fri, 07/02/2010 - 11:11
User Badges:
  • Cisco Employee,

This is expected behavior - the setting restircts the calculation of the Attack Relevenacy Rating to the configured range, not the actual OS identification process.


Scott

terrygwazdosky Fri, 07/02/2010 - 11:14
User Badges:

OK, thanks.  The verbage led me to believe it restricted collection of fingerprint data as well.

Scott Fringer Fri, 07/02/2010 - 11:15
User Badges:
  • Cisco Employee,

Yes, it is a confusing phrasing within the IDM GUI.


Scott

Actions

This Discussion