Nmap Development mailing list archives
Re: More Service Detection Notes
From: Fyodor <fyodor () insecure org>
Date: Tue, 1 Aug 2006 00:28:21 -0700
On Tue, Jul 25, 2006 at 10:19:22PM -0700, doug () hcsw org wrote:
Thanks to Google's Summer of Code I was again able to spend the last week integrating your service detection submissions! Thank you to everybody who submitted.
Yay! To you and the submitters. The updates will be in the next release.
As usual, I've added a blog entry with an edited selection of my notes: http://www.hcsw.org/blog.pl?a=19&b=19 I discuss Skype 2.0, Cisco ACNS, protocols that consider remote source ports, outbound filtered tcp/25, and more.
But the best part is the gallery of bizarre service banners :). Watch out for the Browser Sux Error! BTW, I noticed that the Haxdoor trojan signature mentioned in your blog seems to be missing a p// element. So I added one (after a bit of Googling): -match backdoor m|^A-311 Death welcome\x001\.87| i/**BACKDOOR**/ o/Windows/ +match backdoor m|^A-311 Death welcome\x001\.87| p/Haxdoor trojan/ i/**BACKDOOR**/ o/Windows/ Cheers, -F _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev
Current thread:
- More Service Detection Notes doug (Jul 25)
- Re: More Service Detection Notes (Skype) Brandon Enright (Jul 25)
- Re: More Service Detection Notes (Skype) doug (Jul 26)
- Re: More Service Detection Notes (Skype) Brandon Enright (Jul 26)
- Re: More Service Detection Notes (Skype) Fyodor (Jul 27)
- Re: More Service Detection Notes (Skype) Brandon Enright (Jul 27)
- Re: More Service Detection Notes (Skype) doug (Jul 26)
- Re: More Service Detection Notes (Skype) Brandon Enright (Jul 25)
- Re: More Service Detection Notes Fyodor (Aug 01)
- Re: More Service Detection Notes doug (Aug 01)
- Re: More Service Detection Notes Brandon Enright (Aug 02)
- Re: More Service Detection Notes Fyodor (Aug 02)