Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Incorrect Telnet Detection

From: Lionel Cons <lionel.cons () cern ch>
Date: Wed, 19 Mar 2008 16:04:45 +0100
I have recently scanned a clock that was running a telnet server which
was mistakenly identified as a Nessus server:

# nmap -sSV -p 23 1.2.3.4
[...]
PORT   STATE SERVICE VERSION
23/tcp open  nessus  Nessus Daemon (NTP v1.0)

But:

$ telnet 1.2.3.4
[...]
Inova Solutions Digital Clock
Welcome to OnTime Clock Version 1.2.N

iclock login: 

Here is a suggested addition to nmap-service-probes to properly detect
this service:

match telnet m|^\xff\xfb\x01\xff\xfb\x03\s+Inova Solutions Digital Clock\s+Welcome to OnTime Clock Version 
([\w\.]+)\s+iclock login:|s p/Inova Solutions Digital Clock/ v/$1/ d/clock/

Cheers,

Lionel

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
Previous By Date Next
Previous By Thread Next

Current thread: