Nmap Development mailing list archives
Re: bizarre false positive (?) in service detection
From: Brandon Enright <bmenrigh () ucsd edu>
Date: Fri, 13 Apr 2007 15:54:28 +0000
On Fri, 13 Apr 2007 10:39:51 -0500 "DePriest, Jason R." <jrdepriest () gmail com> wrote:
With the skype line commented out of the service-probe file, nmap is unable to determine what is running on the port.
Nmap should provide you with a service fingerprint for submission. This service looks pretty easy to match so go ahead and submit it.
Which is sort of strange since
----
jrdepriest@ebizsrvb:/usr/local/share/nmap$ telnet <SCANNERTARGET> 25
Trying <SCANNERTARGET>...
Connected to <SCANNERTARGET>.
Escape character is '^]'.
220 DP-6020
EHLO
250-Hello
250-DSN
250 CONNEG
MAIL TO:
501 Syntax error in parameters
RCPT FROM:
503 Need MAIL before RCPT
554 command not support
554 command not support
Connection closed by foreign host.
----
See attached for nmap's fingerprint of the port. I'll do some packet captures if I get time to find a pattern. Thanks for the suggestions.
-Jason
If you don't get a fingerprint it may be because we don't have a probe for "EHLO". Go ahead and try adding it to your service probes file like so:

Probe TCP Hello q|EHLO\r\n|
rarity 5
ports 25,587
sslports 465
totalwaitms 7500

If you are still having trouble getting a fingerprint let us know and we'll try to figure it out.

Brandon
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
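An added example, not part of the original message and not Nmap's own code: a small Python check that parses a probe block like the one suggested above, decodes the q|...| string into the bytes that go on the wire, and validates the directives before the block is pasted into the service probes file. The function names, the escape table and the 1-9 rarity check are this example's assumptions about the nmap-service-probes format.

```python
import re

# Constructed sample: the probe block suggested in the message above.
SAMPLE = r"""Probe TCP Hello q|EHLO\r\n|
rarity 5
ports 25,587
sslports 465
totalwaitms 7500
"""

# Single-character escapes assumed for the probe string (C-style), plus \xHH below.
ESCAPES = {"0": 0, "a": 7, "b": 8, "f": 12, "n": 10, "r": 13, "t": 9, "v": 11, "\\": 92}

def decode_probe_string(body):
    """Turn the text between the q delimiters into the bytes sent to the port."""
    out, i = bytearray(), 0
    while i < len(body):
        nxt = body[i + 1:i + 2]
        if body[i] != "\\":
            out += body[i].encode("latin-1")
            i += 1
        elif nxt == "x" and re.fullmatch(r"[0-9a-fA-F]{2}", body[i + 2:i + 4]):
            out.append(int(body[i + 2:i + 4], 16))
            i += 4
        elif nxt in ESCAPES:
            out.append(ESCAPES[nxt])
            i += 2
        else:
            raise ValueError("bad escape at offset %d" % i)
    return bytes(out)

def parse_ports(spec):
    """Expand '25,587' or '32750-32810' into a set of port numbers."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def parse_probe(text):
    """Parse one Probe block; raise ValueError on anything this example does not know."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip() and not ln.startswith("#")]
    m = re.fullmatch(r"Probe (TCP|UDP) (\S+) q(.)(.*)\3", lines[0])
    if not m:
        raise ValueError("malformed Probe line")
    probe = {"proto": m.group(1), "name": m.group(2), "payload": decode_probe_string(m.group(4))}
    for key, _, value in (ln.partition(" ") for ln in lines[1:]):
        if key not in ("rarity", "ports", "sslports", "totalwaitms"):
            raise ValueError("unknown directive: " + key)
        probe[key] = parse_ports(value) if key.endswith("ports") else int(value)
    if not 1 <= probe.get("rarity", 1) <= 9:
        raise ValueError("rarity must be between 1 and 9")
    return probe
```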