Nmap Development mailing list archives
Corrections to nmap-service-probes
From: doug () hcsw org
Date: Tue, 3 Feb 2009 23:51:58 +0000
Hi nmap-dev, I just checked in some changes to nmap-service-probes that are the results of corrections sent to the submitter. These are very important in order to ensure the accuracy of probes file so big thank you to everyone who sent corrections. Highlights: * Some devices embed thttpd but strip the version information. Since it turns out multiple devices do this, I removed a specific device match line and converted it into an more general thttpd match line. * Latest dovecot pop3d doesn't show banner but spits out uniqueish errors to GenericLines * False positive: Billion aDSL was actually D-Link aDSL * False positive: Netgear WAP http config port was actually Linksys WAP * False positive: Netgear broadband router ftp and telnet ports were actually from ZyXel VoIP adapter Wasn't able to fix these: * false positive for 23/tcp open nessus syn-ack Nessus Daemon (NTP v1.0) is actually telnetd of integrated lights-out management processor card in an HP Integrity rx2600 NSOCK (104.0660s) msevent_new (IOD #20) (EID #1082) ... NSOCK (104.0750s) Callback: READ SUCCESS for EID 1082 [X.X.X.X:23] (27 bytes): < NTP/1.0 >...MP password: Looks like it echos back the probe at least sometimes? Strange * 445/tcp open microsoft-ds syn-ack Microsoft Windows XP microsoft-ds but OS is Windows 2000 SP4 Rollup 1, thus port 445 TCP canot be Windows XP microsoft-ds Anyone know more about this service and/or have enough windows machines to test this service in bulk? The relevant match lines are in Probe TCP SMBProgNeg
Attachment:
_bin
Description:
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Corrections to nmap-service-probes doug (Feb 03)