Nmap Development mailing list archives

Re: new service probes (Re: Nmap 3.51-TEST3: MAC address lookup & display)

From: Martin Mačok <martin.macok () underground cz>
Date: Mon, 5 Jul 2004 12:02:21 +0200

On Mon, Jul 05, 2004 at 01:27:25AM -0700, Fyodor wrote:

Thanks!  I have applied it for the next version of Nmap (coming soon
... quite possibly before I leave for HOPE 5 on Wednesday).


Maybe I will catch you with theese :-)

 - new matches:
    Barracuda Spam firewall
    BMC Perform Service Daemon
    AIX Web-based System Manager
 
 - fixes:
    Kazaa sometimes uses "\r\n" and sometimes just "\n" on the first line
     (maybe it's version-specific? hint!)

(diff against v1.38 2004/07/05)


--- nmap-service-probes.orig    2004-07-05 11:44:05.000000000 +0200
+++ nmap-service-probes 2004-07-05 11:54:42.000000000 +0200
@@ -781,6 +781,8 @@
 
 match pcp m|^\0\0\0\x14\0\0p\0\0\0..\0\0\0\0\x02\x01\0\0| v/SGI Performance Co-Pilot///
 
+match smtp m|^220 SPAM, we hates it.\r\n| v/Barracuda Spam firewall///
+
 ##############################NEXT PROBE##############################
 Probe TCP GenericLines q|\r\n\r\n|
 ports 21,23,43,98,110,113,199,505,540,628,1040,1248,1467,1501,2010,3333,5432,5555,6112,6667-6670,11965,30444
@@ -890,6 +892,8 @@
 match whois m|^%  No entries found for the selected source\(s\)\.\n$| v/Merit IRRD whoisd///
 match zebedee m|^\x02\x01$| v/Zebedee encrypted tunnel///
 
+match bmc-perform-service m|^SDPACK$| v/BMC Perform Service Daemon///
+
 ##############################NEXT PROBE##############################
 Probe TCP GetRequest q|GET / HTTP/1.0\r\n\r\n|
 ports 
70,79,80-85,88,113,139,143,280,497,515,540,554,631,783,993,995,1220,1503,2030,3052,3128,3372,3531,3689,5000,5432,5800,5900,6699,7070,8000-8010,8080-8085,8880-8888,9090,9999,10000,10005,11371,13722,15000,40193,4711
@@ -1252,7 +1256,7 @@
 
 # Jabber 1.4.2
 match jabber m|^<stream:error>Invalid XML</stream:error>$| v/Jabber instant messaging server///
-match kazaa-http m|^HTTP/1\.0 404 Not Found\r\nX-Kazaa-Username: ([-.+\w]+)\r\nX-Kazaa-Network: ([-.\w]+)\r\n| v/KaZaA 
P2P client//username: $1; network: $2/
+match kazaa-http m|^HTTP/1\.0 404 Not Found\(\r\)?\nX-Kazaa-Username: ([-.+\w]+)\r\nX-Kazaa-Network: ([-.\w]+)\r\n| 
v/KaZaA P2P client//username: $1; network: $2/
 match kazaa-peerpoint m|^HTTP/1\.0 404 Not Found\n\r\n$| v/KaZaA P2P client Peer Point Manager///
 match msdtc m|^...\0..$|s v/Microsoft Distributed Transaction Coordinator///
 match msdtc m|^ERROR\n$|s v/Microsoft Distributed Transaction Coordinator//error/
@@ -1320,6 +1324,8 @@
 
 match xml-rpc m|^HTTP/1\.0 400 Bad Request\r\nServer: Apache XML-RPC (\d[-.\w ]+)\r\n\r\nMethod GET not implemented 
\(try POST\)$| v/Apache XML-RPC/$1//
 
+match wsmserver m|^Language received from client: GET\nSetlocale: C\n$| v/AIX Web-based System Manager///
+
 ##############################NEXT PROBE##############################
 Probe TCP HTTPOptions q|OPTIONS / HTTP/1.0\r\n\r\n|
 ports 80,5232,6000



Martin Mačok
IT Security Consultant

---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to 
nmap-dev-help () insecure org . List archive: http://seclists.org

Current thread:

Re: new service probes (Re: Nmap 3.51-TEST3: MAC address lookup & display) Fyodor (Jul 05)
- Re: new service probes (Re: Nmap 3.51-TEST3: MAC address lookup & display) Martin Mačok (Jul 05)
  - Re: new service probes (Re: Nmap 3.51-TEST3: MAC address lookup & display) Fyodor (Jul 05)