Nmap Development mailing list archives
Re: Incorrect Telnet Detection
From: Brandon Enright <bmenrigh () ucsd edu>
Date: Wed, 19 Mar 2008 18:51:18 +0000
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hey Lionel, We get this quite a bit too but I've never bothered to really investigate. A quick grep through my logs shows 25 machines throwing Nessus false positives (not limited to telnet services) on the last scan through campus. I'm working on service fingerprints all day today so I'll add this to my todo list of things to check into. Brandon On Wed, 19 Mar 2008 16:04:45 +0100 or thereabouts Lionel Cons <lionel.cons () cern ch> wrote:
I have recently scanned a clock that was running a telnet server which was mistakenly identified as a Nessus server: # nmap -sSV -p 23 1.2.3.4 [...] PORT STATE SERVICE VERSION 23/tcp open nessus Nessus Daemon (NTP v1.0) But: $ telnet 1.2.3.4 [...] Inova Solutions Digital Clock Welcome to OnTime Clock Version 1.2.N iclock login: Here is a suggested addition to nmap-service-probes to properly detect this service: match telnet m|^\xff\xfb\x01\xff\xfb\x03\s+Inova Solutions Digital Clock\s+Welcome to OnTime Clock Version ([\w\.]+)\s+iclock login:|s p/Inova Solutions Digital Clock/ v/$1/ d/clock/ Cheers, Lionel
-----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.7 (GNU/Linux) iD8DBQFH4WCsqaGPzAsl94IRAmDxAJ9VdoqGTMb7zOBsfyGnwrg56/yM0QCgopmf mfqNxmYvdIvVTAxbDQXnWNw= =/ibA -----END PGP SIGNATURE----- _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Incorrect Telnet Detection Lionel Cons (Mar 19)
- Re: Incorrect Telnet Detection Brandon Enright (Mar 19)