Nmap Development mailing list archives

Re: Microsoft SQL Server fingerprints for SQL 2000 and 2005

From: Tom Sellers <nmap () fadedcode net>
Date: Thu, 28 Feb 2008 20:35:08 -0600

Tom Sellers wrote:
> Fyodor wrote:
>> On Tue, Jan 08, 2008 at 06:54:02PM -0600, Tom Sellers wrote:
>>> Based on the feedback from Doug and Fyodor I have generated a
>>> probe/match set for Microsoft SQL Server 2000 and 2005.  MS SQL
>>> Server's response to the probe includes the major and minor
>>> software revision in hex.
>> Hi Tom.  Would you send us your latest version of this?  One nit is
>> that the version information should be in v// and not the program name
>> (p//) field.  Maybe including the year in the product name is OK
>> (e.g. Microsoft SQL Server 2005), but the build number and SP should
>> probably be in v// or i// fields as appropriate.  See
>> http://insecure.org/nmap/vscan/vscan-fileformat.html#vscan-db-match .
>>
>> Cheers,
>> -Fyodor
>>
>>
>
>
> Thomas Buchanan made several excellent improvements to this on
> Feb 7 and 8th.  I think the only remaining items are addressing
> your concerns about the versions being in the p// field.  I will
> submit a patch tonight that has these changes made.  I have been
> a bit torn on which data to put in which field.  After looking at
> the command line and XML output I think I have settled on putting
> the Service Pack in the version field (v//) and the build in the
> information field (i//).
>
> For example:  v/SP3/  i/Build:8.00.760/
>
> I welcome any comments concerning preferences or nmap conventions
> on this.
>
> Tom
>

I have produced two patches, one with the Build number in the info
field and another with the Service Pack number in the info field.
I prefer the one with the Build number in the info field, but you
folks know what best fits with nmap conventions.  Please let me
know if the patch files are not correct or if they need to be
improved.

Tom

Attachment: nmap-service-probes.build.in.info
Description:

Attachment: nmap-service-probes.build.in.version
Description:


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

Current thread:

Re: Microsoft SQL Server fingerprints for SQL 2000 and 2005, (continued)
- Re: Microsoft SQL Server fingerprints for SQL 2000 and 2005 Fyodor (Jan 10)
- Re: Microsoft SQL Server fingerprints for SQL 2000 and 2005 doug (Jan 13)
  - Re: Microsoft SQL Server fingerprints for SQL 2000 and 2005 Fyodor (Jan 13)
    - Re: Microsoft SQL Server fingerprints for SQL 2000 and 2005 doug (Jan 13)
  - RE: Microsoft SQL Server fingerprints for SQL 2000 and 2005 Thomas Buchanan (Feb 07)
    - Re: Microsoft SQL Server fingerprints for SQL 2000 and 2005 Fyodor (Feb 07)
    - RE: Microsoft SQL Server fingerprints for SQL 2000 and 2005 Thomas Buchanan (Feb 08)
    - Re: Microsoft SQL Server fingerprints for SQL 2000 and 2005 Fyodor (Feb 08)
- Re: Microsoft SQL Server fingerprints for SQL 2000 and 2005 Fyodor (Feb 27)
  - Re: Microsoft SQL Server fingerprints for SQL 2000 and 2005 Tom Sellers (Feb 28)
    - Re: Microsoft SQL Server fingerprints for SQL 2000 and 2005 Tom Sellers (Feb 28)