OS Fingerprinting Question

Answered Question
Jul 2nd, 2010

I've limited OS mapping and APR to a specific set of IPs (my inside network), but I still see outside IP addresses showing up in the list of learned OS.  is this normal?  I tried clearing out the learned OS list, but am still seeing the outside addresses populating.

I've seen this on 7.03(2)E4 and 7.0(3)E4 and on 3 different units (2 AIP-SSM20s and a 4240).

Thanks.

I have this problem too.
0 votes
Correct Answer by Scott Fringer about 6 years 5 months ago

This is expected behavior - the setting restircts the calculation of the Attack Relevenacy Rating to the configured range, not the actual OS identification process.

Scott

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
Scott Fringer Fri, 07/02/2010 - 11:11

This is expected behavior - the setting restircts the calculation of the Attack Relevenacy Rating to the configured range, not the actual OS identification process.

Scott

terrygwazdosky Fri, 07/02/2010 - 11:14

OK, thanks.  The verbage led me to believe it restricted collection of fingerprint data as well.

Actions

This Discussion