Nmap Development mailing list archives

Famatech RAdmin fingerprint probe and match set


From: Tom Sellers <nmap () fadedcode net>
Date: Tue, 08 Jan 2008 19:04:28 -0600

I have generated a Probe/Match combination for the RAdmin remote
control software.

Software:       RAdmin
Vendor:         Famatech
URL:            www.radmin.com

Description:    Remote control software for MS Windows
                 based hosts.

Default Port:   4899
Configurable Port#: Yes

The first four match lines below probably go into too much detail.
I included them in the event that there was an interest in the
data and that having it did not incur too much overhead.

##########################################################

Probe TCP RAdmin q|\x01\x00\x00\x00\x01\x00\x00\x00\x08\x08|
ports 4899

#Specific version and configuration matches
match radmin m|^\x01\x00\x00\x00\x25\x09\x00\x01\x10\x08\x01\x00\x09\x08| p/RAdmin 2.x Remote Control Software/ o/Windows/ i/Using Windows Authentication/
match radmin m|^\x01\x00\x00\x00\x25\x0a\x00\x01\x10\x08\x01\x00\x0a\x08| p/RAdmin 2.x Remote Control Software/ o/Windows/ i/Using RAdmin Authentication/
match radmin m|^\x01\x00\x00\x00\x25\x00\x00\x02\x12\x08\x02\x00\x00\x0a| p/RAdmin 3.x Remote Control Software/ o/Windows/ i/Using RAdmin Authentication/
match radmin m|^\x01\x00\x00\x00\x25\x71\x00\x02\x12\x08\x02\x00\x71\x0a| p/RAdmin 3.x Remote Control Software/ o/Windows/ i/Using Windows Authentication/

#Generic Radmin 2.x and 3.x detection
match radmin m|^\x01\x00\x00\x00\x25| p/RAdmin Remote Control Software/ o/Windows/


##########################################################

Thanks much,

Tom Sellers

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
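
Added example, not part of the original post or of Nmap's code: a Python sketch that applies the posted match lines to reply bytes in posted order, showing that the first matching rule wins and why the generic rule has to come last. The sample replies are constructed from the signature bytes in the match lines plus made-up trailing bytes; the names classify, RULES and SAMPLES are hypothetical.

```python
import re

# Probe payload copied from the posted Probe line (default target: TCP 4899).
PROBE = b"\x01\x00\x00\x00\x01\x00\x00\x00\x08\x08"

# The posted match lines, in posted order: (pattern, product, info).
RULES = [
    (rb"^\x01\x00\x00\x00\x25\x09\x00\x01\x10\x08\x01\x00\x09\x08",
     "RAdmin 2.x Remote Control Software", "Using Windows Authentication"),
    (rb"^\x01\x00\x00\x00\x25\x0a\x00\x01\x10\x08\x01\x00\x0a\x08",
     "RAdmin 2.x Remote Control Software", "Using RAdmin Authentication"),
    (rb"^\x01\x00\x00\x00\x25\x00\x00\x02\x12\x08\x02\x00\x00\x0a",
     "RAdmin 3.x Remote Control Software", "Using RAdmin Authentication"),
    (rb"^\x01\x00\x00\x00\x25\x71\x00\x02\x12\x08\x02\x00\x71\x0a",
     "RAdmin 3.x Remote Control Software", "Using Windows Authentication"),
    (rb"^\x01\x00\x00\x00\x25", "RAdmin Remote Control Software", None),
]


def classify(response, rules=RULES):
    """Return the first rule that matches the reply; None if no rule matches."""
    for pattern, product, info in rules:
        if re.match(pattern, response):
            return {"service": "radmin", "product": product,
                    "os": "Windows", "info": info}
    return None


# Constructed sample replies (not captures from a real host): signature
# bytes taken from the match lines, followed by made-up trailing bytes.
SAMPLES = {
    "3.x, Windows auth":
        b"\x01\x00\x00\x00\x25\x71\x00\x02\x12\x08\x02\x00\x71\x0a" + b"\x00" * 8,
    "unknown build": b"\x01\x00\x00\x00\x25\x42\x00\x03" + b"\x00" * 8,
    "not RAdmin": b"SSH-2.0-example\r\n",
}

if __name__ == "__main__":
    for label, reply in SAMPLES.items():
        print(label, "->", classify(reply))
    # With the generic rule tried first, the version and auth detail is lost.
    print("generic first ->",
          classify(SAMPLES["3.x, Windows auth"], RULES[::-1]))
```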

