Nmap Development mailing list archives
RE: Microsoft SQL Server fingerprints for SQL 2000 and 2005
From: "Thomas Buchanan" <TBuchanan () thecompassgrp net>
Date: Thu, 7 Feb 2008 18:21:49 -0600
-----Original Message-----
From: nmap-dev-bounces () insecure org [mailto:nmap-dev-bounces () insecure org] On Behalf Of doug () hcsw org
Sent: Sunday, January 13, 2008 5:07 PM
To: nmap-dev () insecure org
Subject: Re: Microsoft SQL Server fingerprints for SQL 2000 and 2005

Hi Tom!

On Tue, Jan 08, 2008 at 06:54:02PM -0600 or thereabouts, Tom Sellers wrote:
> Based on the feedback from Doug and Fyodor I have generated a probe/match set for Microsoft SQL Server 2000 and 2005.

Thanks a lot for this probe. It looks good and I just checked it into SVN with the following minor changes:

* Moved version numbers into the v// field
* Commented out the "catch all" match line so that we will hopefully see fingerprints for new MSSQL versions as they come out and then can report their versions more specifically
* Added a rarity value of 8 because I don't think this service is common enough to be scanned against all ports (hopefully this isn't my unix bias showing through)

This should complement Thomas's MSSQLm.nse script nicely.

Thanks for helping!

Doug
Thanks again to Tom, et al. for getting these probes and matches built. They've been very helpful, as this seems to be the most accurate way to determine actual patch levels for SQL Server.

Here's a few updates and additions. The most significant change is to the service field, which I changed from "mssql" to "ms-sql-s", which matches the services file, and the style of the MS SQL UDP probes.

from nmap-services:

ms-sql-s 1433/tcp # Microsoft-SQL-Server
ms-sql-s 1433/udp # Microsoft-SQL-Server
ms-sql-m 1434/tcp # Microsoft-SQL-Monitor
ms-sql-m 1434/udp # Microsoft-SQL-Monitor

from nmap-service-probes:

Probe UDP Sqlping q|\x02|
rarity 6
ports 1434
match ms-sql-m <snip actual matches>

If there's a reason to stay with the existing "mssql" service name, just let me know, and I'll submit a patch with just the version additions.

Other than that change, this patch adds specific version detection for SQL Server 2000 RTM, RTMa, SP1, SP2, and SP3, and makes a couple of minor changes to version numbers that were already detected.

As always, comments or questions are welcome.

Thomas
Attachment:
ms-sql-services.patch
Description: ms-sql-services.patch
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
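The naming mismatch raised in the message above ("mssql" in the match lines versus "ms-sql-s" in nmap-services) can be checked mechanically. The following is an added example, not part of the original post or the attached patch; the TCP probe name, payload, match patterns and version strings in the sample fragment are constructed placeholders, and only the nmap-services lines and the Sqlping probe header come from the message.

```python
# nmap-services lines as quoted in the message above.
NMAP_SERVICES = """\
ms-sql-s 1433/tcp # Microsoft-SQL-Server
ms-sql-s 1433/udp # Microsoft-SQL-Server
ms-sql-m 1434/tcp # Microsoft-SQL-Monitor
ms-sql-m 1434/udp # Microsoft-SQL-Monitor
"""

# Constructed nmap-service-probes fragment: the TCP probe name, payload,
# patterns and version strings are placeholders, not real fingerprints.
SERVICE_PROBES = r"""
Probe TCP ExampleMssql q|EXAMPLE|
rarity 8
ports 1433
match mssql m|^EXAMPLE-A| p/Microsoft SQL Server 2000/ v/EXAMPLE.1/
match ms-sql-s m|^EXAMPLE-B| p/Microsoft SQL Server 2005/ v/EXAMPLE.2/
Probe UDP Sqlping q|\x02|
rarity 6
ports 1434
match ms-sql-m m|^EXAMPLE-C| p/Microsoft SQL Server/
"""

def load_services(text):
    """Map (port, proto) -> service name from nmap-services lines."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and "/" in fields[1]:
            port, proto = fields[1].split("/", 1)
            table[(int(port), proto.lower())] = fields[0]
    return table

def lint_probes(probes_text, services):
    """List (lineno, found, expected) where a match name disagrees with nmap-services."""
    findings, proto, ports = [], None, []
    for lineno, line in enumerate(probes_text.splitlines(), 1):
        word = line.split(" ", 1)[0]
        if word == "Probe":
            proto, ports = line.split()[1].lower(), []
        elif word == "ports":
            # Single ports only; ranges such as 1433-1435 are skipped here.
            ports = [int(p) for p in line.split()[1].split(",") if p.isdigit()]
        elif word in ("match", "softmatch"):
            name = line.split()[1]
            expected = {services[(p, proto)] for p in ports if (p, proto) in services}
            if expected and name not in expected:
                findings.append((lineno, name, sorted(expected)))
    return findings

FINDINGS = lint_probes(SERVICE_PROBES, load_services(NMAP_SERVICES))
```

Only the constructed "mssql" match line is reported; the "ms-sql-s" and "ms-sql-m" lines agree with the services table for their probe's port and protocol.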
Current thread:
- Microsoft SQL Server fingerprints for SQL 2000 and 2005 Tom Sellers (Jan 08)
- RE: Microsoft SQL Server fingerprints for SQL 2000 and 2005 Thomas Buchanan (Jan 08)
- Re: Microsoft SQL Server fingerprints for SQL 2000 and 2005 Tom Sellers (Jan 09)
- Re: Microsoft SQL Server fingerprints for SQL 2000 and 2005 Fyodor (Jan 10)
- Re: Microsoft SQL Server fingerprints for SQL 2000 and 2005 doug (Jan 13)
- Re: Microsoft SQL Server fingerprints for SQL 2000 and 2005 Fyodor (Jan 13)
- RE: Microsoft SQL Server fingerprints for SQL 2000 and 2005 Thomas Buchanan (Feb 07)
- Re: Microsoft SQL Server fingerprints for SQL 2000 and 2005 Fyodor (Feb 07)
- RE: Microsoft SQL Server fingerprints for SQL 2000 and 2005 Thomas Buchanan (Feb 08)
- Re: Microsoft SQL Server fingerprints for SQL 2000 and 2005 Fyodor (Feb 08)
- RE: Microsoft SQL Server fingerprints for SQL 2000 and 2005 Thomas Buchanan (Jan 08)
- Re: Microsoft SQL Server fingerprints for SQL 2000 and 2005 Tom Sellers (Feb 28)
- Re: Microsoft SQL Server fingerprints for SQL 2000 and 2005 Tom Sellers (Feb 28)