Commit 16e28042 authored by Mati's avatar Mati

Imported Upstream version 0.4

parents
CREATE OR REPLACE AND COMPILE JAVA SOURCE NAMED "RunC" AS
import java.io.*;
public class RunC{
public static String Run(String cmd){
try{
Process p = Runtime.getRuntime().exec(cmd);
BufferedReader br = new BufferedReader(new InputStreamReader(p.getInputStream()));
String line = null;
String result = "";
while((line = br.readLine()) != null) {
result += line + "\n");
}
return(result);
}
catch (Exception e){
return(e.getMessage());
}
}
}
/
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
-2
-1
0
1
2
8
-8
9
-9
16
-16
17
-17
32
-32
33
-33
2147483647
-2147483647
2147483648
-2147483648
3.40282346638528860e+38
-3.40282346638528860e+38
3.40282346638528861e+38
-3.40282346638528861e+38
3.40282346638528860e+39
-3.40282346638528860e+39
This diff is collapsed.
This diff is collapsed.
#
# p0f - SYN+ACK fingerprints
# --------------------------
#
# .-------------------------------------------------------------------------.
# | The purpose of this file is to cover signatures for outgoing TCP/IP |
# | connections (SYN+ACK packets). This mode of operation can be enabled |
# | with -A option. Please refer to p0f.fp for information on the metrics |
# | used to create a signature, and for a guide on adding new entries to |
# | those files. This database is somewhat neglected, and is looking for a |
# | caring maintainer. |
# `-------------------------------------------------------------------------'
#
# (C) Copyright 2000-2006 by Michal Zalewski <lcamtuf@coredump.cx>
#
# Plenty of signatures contributed in bulk by rain forest puppy, Paul Woo and
# Michael Bauer.
#
# Submit all additions to the authors. Read p0f.fp before adding any
# signatures. Run p0f -A -C after making any modifications. This file is
# NOT compatible with SYN, RST+, or stray ACK modes. Use only with -A option.
#
# Feel like contributing? You can run p0f -A -K, then test/tryid -iR nnn...
#
# IMPORTANT INFORMATION ABOUT THE INTERDEPENDENCY OF SYNs AND SYN+ACKs
# --------------------------------------------------------------------
#
# Some systems would have different SYN+ACK fingerprints depending on
# the system that sent SYN. More specifically, RFC1323, RFC2018 and
# RFC1644 extensions sometimes show up only if SYN had them enabled.
#
# Also, some silly systems may copy WSS from the SYN packet you've sent,
# in which case, you need to wildcard the value. Use test/sendsyn.c, which
# uses a distinct WSS of 12345, to test for this condition if unsure.
#
# IMPORTANT INFORMATION ABOUT DIFFERENCES IN COMPARISON TO p0f.fp:
# ----------------------------------------------------------------
#
# - 'A' quirk would be present on almost every signature here. ACK number
# is unusual for SYN packets, but is a commonplace in SYN+ACK packets,
# of course. It is still possible to have a signature without 'A', when
# the ACK flag is present but the value is zero - this, however, is
# very uncommon.
#
# - 'T' quirk would show up on almost all signatures for systems implementing
# RFC1323. The second timestamp is only unusual for SYN packets. SYN+ACK
# are expected to have it set.
#
##########################
# Standard OS signatures #
##########################
# ---------------- Linux -------------------
32736:64:0:44:M*:A:Linux:2.0
S22:64:1:60:M*,S,T,N,W0:AT:Linux:2.2
S22:64:1:52:M*,N,N,S,N,W0:A:Linux:2.2 w/o timestamps
5792:64:1:60:M*,S,T,N,W0:AT:Linux:older 2.4
5792:64:1:60:M*,S,T,N,W0:ZAT:Linux:recent 2.4 (1)
S4:64:1:44:M*:ZA:Linux:recent 2.4 (2)
5792:64:1:44:M*:ZA:Linux:recent 2.4 (3)
S4:64:1:52:M*,N,N,S,N,W0:ZA:Linux:2.4 w/o timestamps
# --------------- Windows ------------------
65535:128:1:64:M*,N,W0,N,N,T0,N,N,S:A:Windows:2000 SP4
S44:128:1:64:M*,N,W0,N,N,T0,N,N,S:A:Windows:XP SP1
S12:128:1:64:M*,N,W0,N,N,T0,N,N,S:A:Windows:2000 (SP1+)
S6:128:1:44:M*:A:Windows:NT 4.0 SP1+
65535:128:1:48:M*,N,N,S:A:Windows:98 (SE)
65535:128:1:44:M*:A:Windows:2000 (1)
16616:128:1:44:M*:A:Windows:2003
16384:128:1:44:M*:A:Windows:2000 (2)
S16:128:1:44:M*:A:Windows:2000 (3)
# ------------------- OpenBSD --------------
17376:64:1:64:M*,N,N,S,N,W0,N,N,T:AT:OpenBSD:3.3
# ------------------- NetBSD ----------------
16384:64:0:60:M*,N,W0,N,N,T0:AT:NetBSD:1.6
# ----------------- HP/UX ------------------
32768:64:1:44:M*:A:HPUX:10.20
# ----------------- Tru64 ------------------
S23:60:0:48:M*,N,W0:A:Tru64:5.0 (1)
65535:64:0:44:M*:A:Tru64:5.0 (2)
# ----------------- Novell -----------------
6144:128:1:52:M*,W0,N,S,N,N:A:Novell:Netware 6.0 (SP3)
32768:128:1:44:M*:A:Novell:Netware 5.1
# ------------------ IRIX ------------------
60816:60:1:60:M*,N,W0,N,N,T:AT:IRIX:6.5.0
# ----------------- Solaris ----------------
49232:64:1:64:N,N,T,M*,N,W0,N,N,S:AT:Solaris:9 (1)
S1:255:1:60:N,N,T,N,W0,M*:AT:Solaris:7
24656:64:1:44:M*:A:Solaris:8
33304:64:1:60:N,N,T,M*,N,W1:AT:Solaris:9 (2)
# ----------------- FreeBSD ----------------
65535:64:1:60:M*,N,W1,N,N,T:AT:FreeBSD:5.0
57344:64:1:44:M*:A:FreeBSD:4.6-4.8
65535:64:1:44:M*:A:FreeBSD:4.4
57344:64:1:48:M1460,N,W0:A:FreeBSD:4.6-4.8 (wscale)
57344:64:1:60:M1460,N,W0,N,N,T:AT:FreeBSD:4.6-4.8 (RFC1323)
# ------------------- AIX ------------------
S17:255:1:44:M536:A:AIX:4.2
S12:64:0:44:M1460:A:AIX:5.2 ML04 (1)
S42:64:0:44:M1460:A:AIX:5.2 ML04 (2)
# ------------------ BSD/OS ----------------
S6:64:1:60:M1460,N,W0,N,N,T:AT:BSD/OS:4.0.x
# ------------------ OS/390 ----------------
2048:64:0:44:M1460:A:OS/390:?
# ------------------ Novell ----------------
6144:128:1:44:M1400:A:Novell:iChain 2.2
# ------------------ MacOS -----------------
33304:64:1:60:M*,N,W0,N,N,T:AT:MacOS:X 10.2.6
#################################################################
# Contributed by Ryan Kruse <rkruse@alterpoint.com> - trial run #
#################################################################
# S4:255:0:44:M1024:A:Cisco:LocalDirector
# 1024:255:0:44:M536:A:Cisco,3COM,Nortel:CatIOS,SuperStack,BayStack
# S16:64:0:44:M512:A:Nortel:Contivity
# 8192:64:0:44:M1460:A:Cisco,Nortel,SonicWall,Tasman:Aironet,BayStack Switch,Soho,1200
# 4096:255:0:44:M1460:A:Cisco:PIX,CatOS
# 8192:128:0:44:M1460:A:Cisco:VPN Concentrator
# 8192:128:0:60:M1460,N,W0,N,N,T:AT:Cisco:VPN Concentrator
# 4096:32:0:44:M1460:A:Cisco,3COM,Extreme,Nortel:Catalyst Switch CatOS,CoreBuilder,Summit,Passport
# S4:255:0:44:M536:ZA:Cisco:IOS
# 1024:32:0:44:M1480:UA:Nortel:BayStack Switch
# 4096:60:0:44:M1460:A:Adtran:NetVanta
# 4096:64:0:44:M1008:A:Adtran:TSU
# S4:32:0:44:M1024:A:Alcatel:Switch
# S8:255:0:44:M536:ZA:Cisco:IOS
# 50:255:0:44:M536:ZA:Cisco:CatIOS
# 512:64:0:40:.:A:Dell:Switch
# 4096:64:0:40:.:A:Enterasys:Vertical Horizon Switch
# 17640:64:1:44:M1460:A:F5,Juniper,RiverStone:BigIP,Juniper OS,Router 7.0+
# 16384:64:0:44:M1460:A:Foundry,SonicWall:BigIron,TZ
# 4096:64:0:44:M1452:A:HP:ProCurve Switch
# 1024:64:0:44:M1260:A:Marconi:ES
# 10240:30:0:44:M1460:A:Milan:Switch
# 4096:64:0:44:M1380:A:NetScreen:Firewall
# S32:64:0:44:M512:A:Nokia:CheckPoint
# 1024:64:0:44:M536:A:Nortel:BayStack Switch
# 4128:255:0:44:M*:ZA:Cisco:IOS
# 1024:16:0:44:M536:A:Nortel:BayStack Switch
# 1024:30:0:44:M1480:A:Nortel:BayStack Switch
# S4:64:0:44:M1460:A:Symbol:Spectrum Access Point
# S2:255:0:44:M512:A:ZyXEL:Prestige
# S16:255:0:44:M1024:A:ZyXEL:ZyAI
###########################################
# Appliance / embedded / other signatures #
###########################################
16384:64:1:44:M1460:A:F5:BigIP LB 4.1.x (sometimes FreeBSD)
4128:255:0:44:M*:ZA:Cisco:Catalyst 2900 12.0(5)
4096:60:0:44:M*:A:Brother:HL-1270N
S1:30:0:44:M1730:A:Cyclades:PR3000
8192:64:1:44:M1460:A:NetApp:Data OnTap 6.x
5792:64:1:60:W0,N,N,N,T,M1460:ZAT:FortiNet:FortiGate 50
S1:64:1:44:M1460:A:NetCache:5.3.1
S1:64:0:44:M512:A:Printer:controller (?)
4096:128:0:40:.:A:Sequent:DYNIX 4.2.x
S16:64:0:44:M512:A:3Com:NBX PBX (BSD/OS 2.1)
16000:64:0:44:M1442:A:CastleNet:DSL router
S2:64:0:44:M32728:A:D-Link:DSL-500
S4:60:0:44:M1460:A:HP:JetDirect A.05.32
8576:64:1:44:M*:A:Raptor:firewall
S12:64:1:44:M1400:A:Cequrux Firewall:4.x
2048:255:0:44:M1400:A:Netgear:MR814
16384:128:0:64:M1460,N,W0,N,N,T0,N,N,S:A:Akamai:??? (1)
16384:128:0:60:M1460,N,W0,N,N,T0:A:Akamai:??? (2)
8190:255:0:44:M1452:A:Citrix:Netscaler 6.1
# Whatever they run. EOL boys...
S6:128:1:48:M1460,E:PA:@Slashdot:or BusinessWeek (???)
#
# p0f - stray ACK signatures
# --------------------------
#
# .-------------------------------------------------------------------------.
# | The purpose of this file is to cover signatures for stray ACK packets |
# | (established session data). This mode of operation is enabled with -O |
# | option and is HIGHLY EXPERIMENTAL. Please refer to p0f.fp for more |
# | information on the metrics used and for a guide on adding new entries |
# | to this file. This database is looking for a caring maintainer. |
# `-------------------------------------------------------------------------'
#
# (C) Copyright 2000-2006 by Michal Zalewski <lcamtuf@coredump.cx>
#
# Submit all additions to the authors. Read p0f.fp before adding any
# signatures. Run p0f -O -C after making any modifications. This file is
# NOT compatible with SYN, SYN+ACK or RST+ modes. Use only with -O option.
#
# IMPORTANT INFORMATION ABOUT THE INTERDEPENDENCY OF SYNs AND ACKs
# ----------------------------------------------------------------
#
# Some systems would have different ACK fingerprints depending on the initial
# SYN or SYN+ACK received from the other party. More specifically, RFC1323,
# RFC2018 and RFC1644 extensions sometimes show up only if the other party had
# them enabled. Hence, the reliability of ACK fingerprints may be affected.
#
# IMPORTANT INFORMATION ABOUT DIFFERENCES IN COMPARISON TO p0f.fp:
# ----------------------------------------------------------------
#
# - Packet size MUST be wildcarded. ACK packets, by their nature, have
# variable sizes, depending on the amount of data carried as a payload.
#
# - Similarly, 'D' quirk is not checked for, and is not allowed in signatures
# in this file. A good number of ACK packets have payloads.
#
# - PUSH flag is excluded from 'F' quirk checks in this mode.
#
# - 'A' quirk is not a bug; all AC packets should have it set; also,
# 'T' quirk is not an anomaly; its absence on systems with T option is.
#
32767:64:1:*:N,N,T:AT:Linux:2.4.2x (local?)
*:64:1:*:.:A:Linux:2.4.2x
32736:64:0:*:.:A:Linux:2.0.3x
57600:64:1:*:N,N,T:AT:FreeBSD:4.8
%12:128:1:*:.:A:Windows:XP
S44:128:1:*:.:A:Windows:XP
#
# p0f - RST+ signatures
# ---------------------
#
# .-------------------------------------------------------------------------.
# | The purpose of this file is to cover signatures for reset packets |
# | (RST and RST+ACK). This mode of operation can be enabled with -A option |
# | and is considered to be least accurate. Please refer to p0f.fp for more |
# | information on the metrics used and for a guide on adding new entries |
# | to this file. This database is looking for a caring maintainer. |
# `-------------------------------------------------------------------------'
#
# (C) Copyright 2000-2006 by Michal Zalewski <lcamtuf@coredump.cx>
#
# Submit all additions to the authors. Read p0f.fp before adding any
# signatures. Run p0f -R -C after making any modifications. This file is
# NOT compatible with SYN, SYN+ACK, or stray ACK modes. Use only with -R
# option.
#
# IMPORTANT INFORMATION ABOUT THE INTERDEPENDENCY OF SYNs AND RST+ACKs
# --------------------------------------------------------------------
#
# Some silly systems may copy WSS from the SYN packet you've sent,
# in which case, you need to wildcard the value. Use test/sendsyn.c for
# "connection refused" and test/sendack.c for "connection dropped" signatures
# - both tools use a distinct WSS of 12345, which is an easy way to tell
# if WSS should be wildcarded.
#
# IMPORTANT INFORMATION ABOUT COMMON IMPLEMENTATION FLAWS
# -------------------------------------------------------
#
# There are several types of RST packets you will surely encounter.
# Some systems, including most reputable ones, are severily brain-damaged
# and generate some illegal combinations from time to time. This is WAY
# more common than with other packet types, because a broken RST does not
# have any immediately noticable consequences; besides, the RFC793 is fairly
# difficult to comprehend when it comes to this type of responses.
#
# P0f will give you a hint on new RST signatures, but it is your duty to
# diagnose the problem and append the proper description when adding the
# signature. Below is a list of valid and invalid states:
#
# - "Connection refused" message: this is a RST+ACK packet, SEQ number
# set to zero, ACK number non-zero. This is a valid response and
# is denoted by p0f as "refused" (quirk combination: K, 0, A).
#
# There are some very cases when this is incorrectly sent in response
# to an unexpected ACK packet.
#
# - Illegal combination: RST+ACK packet, SEQ number set to zero, ACK
# number zero. This is denoted by p0f as "invalid-K0" (quirk combination:
# K and 0, no A).
#
# - Illegal combination: RST+ACK, SEQ number non-zero, ACK number zero
# or non-zero. This is denoted by p0f as "invalid-K" and
# "invalid-KA", respectively (quirk combinations, K, sometimes A, no 0).
#
# This combination is frequently generated by Cisco routers in certain
# configurations in response to ACK (!). Brain dead, by all means, and
# usually a result of (incorrectly) setting ACK flag on a valid RST packet.
#
# - "Connection dropped": RST, sequence number non-zero, ACK zero or
# non-zero. This is denoted as "dropped" and "dropped 2" respectively
# (quirk combinations: no K, sometimes A, no 0). While the ACK value should
# be zeroed, it is not strictly against the RFC, and some systems either
# leak memory there or set it to the value of SEQ.
#
# The latter variant, with non-zero ACK, is particularly common on
# Windows.
#
# - Ilegal combination: RST, SEQ number zero, ACK zero or non-zero.
# Denoted as "invalid-0" and "invalid-0A". Obviously incorrect, and
# will not have the desired effect.
#
# Ok. That's it. RFC793 does not get much respect nowadays.
#
# IMPORTANT INFORMATION ABOUT DIFFERENCES IN COMPARISON TO p0f.fp:
# ----------------------------------------------------------------
#
# - Packet size may be wildcarded. The meaning of wildcard is, however,
# hardcoded as 'size > PACKET_BIG' (defined as 100 in config.h). This is
# because some stupid devices (including Ciscos) tend to send back RST
# packets quoting anything you have sent them in ACK packet previously.
# Use sparingly, only if -X confirms the device actually bounces back
# whatever you send.
#
# - A new quirk, 'K', is introduced to denote RST+ACK packets (as opposed
# to plain RST). This quirk is only compatible with this mode.
#
# - A new quirk, 'Q', is used to denote SEQ number equal to ACK number.
# This happens from time to time in RST and RST+ACK packets, but
# is practically unheard of in other modes.
#
# - A new quirk, '0', is used to denote packets with SEQ number set to 0.
# This happens on some RSTs, and is once again unheard of in other modes.
#
# - 'D' quirk is not a bug; some devices send verbose text messages
# describing why a connection got dropped; it's actually suggested
# by RFC1122. Of course, some systems have their own standards, and
# put all kinds of crap in their RST responses (including FreeBSD and
# Cisco). Use -X to examine those values.
#
# - 'A' and 'T' quirks are not an anomaly in certain cases for the reasons
# described in p0fa.fp.
#
################################
# Connection refused - RST+ACK #
################################
0:255:0:40:.:K0A:Linux:2.0/2.2 (refused)
0:64:1:40:.:K0A:FreeBSD:4.8 (refused)
0:64:1:40:.:K0ZA:Linux:recent 2.4 (refused)
0:128:0:40:.:K0A:Windows:XP/2000 (refused)
0:128:0:40:.:K0UA:-Windows:XP/2000 while browsing (refused)
######################################
# Connection dropped / timeout - RST #
######################################
0:64:1:40:.:.:FreeBSD:4.8 (dropped)
0:255:0:40:.:.:Linux:2.0/2.2 or IOS 12.x (dropped)
0:64:1:40:.:Z:Linux:recent 2.4 (dropped)
0:255:1:40:.:Z:Linux:early 2.4 (dropped)
0:32:0:40:.:.:Xylan:OmniSwitch / Linksys WAP11 AP (dropped)
0:64:1:40:.:U:NetIron:load balancer (dropped)
0:128:1:40:.:QA:Windows:XP/2000 (dropped 2)
0:128:1:40:.:A:-Windows:XP/2000 while browsing (1) (dropped 2)
0:128:1:40:.:QUA:-Windows:XP/2000 while browsing (2) (dropped 2)
0:128:1:40:.:UA:-Windows:XP/2000 while browsing a lot (dropped 2)
0:128:1:40:.:.:@Windows:98 (?) (dropped)
0:64:0:40:.:A:Ascend:TAOS or BayTech (dropped 2)
*:255:0:40:.:QA:Cisco:LocalDirector (dropped 2)
0:64:1:40:.:A:Hasbani:WindWeb (dropped 2)
S23:255:1:40:.:.:Solaris:2.5 (dropped)
#######################################################
# Connection dropped / timeout - RST with description #
#######################################################
0:255:1:58:.:D:MacOS:9.x "No TCP/No listener" (seldom SunOS 5.x) (dropped)
0:255:1:53:.:D:MacOS:8.5 "no tcp, reset" (dropped)
0:255:1:65:.:D:MacOS:X "tcp_close, during connect" (dropped)
0:255:1:54:.:D:MacOS:X "tcp_disconnect" (dropped)
0:255:1:62:.:D:HP/UX:? "tcp_fin_wait_2_timeout" (dropped)
32768:255:1:54:.:D:MacOS:8.5 "tcp_disconnect" (dropped)
0:255:1:63:.:D:@Unknown: "Go away" device (dropped)
0:255:0:62:.:D:SunOS:5.x "new data when detached" (1) (dropped)
32768:255:1:62:.:D:SunOS:5.x "new data when detached" (2) (dropped)
0:255:1:67:.:D:SunOS:5.x "tcp_lift_anchor, can't wait" (dropped)
0:255:0:46:.:D:HP/UX:11.00 "No TCP" (dropped)
# More obscure ones:
# 648:255:1:54:.:D:MacOS:??? "tcp_disconnect" (dropped)
# 0:45:1:53:.:D:MacOS:7.x "no tcp, reset" (dropped)
##############################################
# Connection dropped / timeout - broken RSTs #
##############################################
S12:255:1:58:.:KAD:Solaris:2.x "tcp_disconnect" (dropped, lame)
S43:64:1:40:.:KA:AOL:proxy (dropped, lame)
*:64:1:40:.:KA:FreeBSD:4.8 (dropped, lame)
*:64:1:52:N,N,T:KAT:Linux:2.4 (?) (dropped, lame)
0:255:0:40:.:KAF:3Com:SuperStack II (dropped, lame)
*:255:0:40:.:KA:Intel:Netport print server (dropped, lame)
*:150:0:40:.:KA:Linksys:BEF router (dropped, lame)
*:32:0:44:.:KZD:@NetWare:??? "ehnc" (dropped, lame)
0:64:0:40:.:KQ0:BayTech:RPC-3 telnet host (dropped, lame)
#############################################
# Connection dropped / timeout - extra data #
#############################################
*:255:0:*:.:KAD:Cisco:IOS/PIX NAT + data (1) (dropped, lame)
0:255:0:*:.:D:Windows:NT 4.0 SP6a + data (dropped)
0:255:0:*:.:K0AD:Isolation:Infocrypt accelerator + data (dropped, lame)
*:255:0:*:.:AD:Cisco:IOS/PIX NAT + data (2) (dropped)
*:64:1:*:N,N,T:KATD:Linux:2.4 (?) + data (dropped, lame)
*:64:1:*:.:KAD:FreeBSD:4.8 + data (dropped, lame)
15
21
22
23
24
25
80
81
82
83
84
85
88
90
87
100
120
125
135
136