Nmap Development mailing list archives
service-probe question: FTP services
From: Tom Sellers <nmap () fadedcode net>
Date: Tue, 03 Feb 2009 18:01:45 -0600
Both of the following lines in nmap-service-probes: match ftp m|^220 ([-\w]+) FTP server \(Version (\d.[.\d]+) ([A-Z][a-z]{2} [A-Z][a-z]{2} [0-9]+ [0-9:]+ .* [21][0-9]+)\) ready\.\r\n| p/HP-UX 10.x ftpd/ h/$1/ v/$2/ o/HP-UX/ i/$3/ match ftp m|^220 ([-\w]+) FTP server \(Version (\d[-.\w]+) [A-Z][a-z]{2} [A-Z][a-z]{2} .*\) ready\.\r\n| p/AIX ftpd/ h/$1/ v/$2/ o/AIX/ will match the following FTP banner: 220 mytesthost FTP server (Version 6.1 Mon Oct 18 04:11:03 CDT 2011) ready. One line indicates HP-UX and the other AIX. The host I tested against was AIX but the service fingerprint indicated that it was an HP-UX 10.x machine. Removing the HP-UX matchline allowed the fp to match the AIX line. Should these be changed to indicate both OSs or just edited to reference a generic ftp server? Also, the following match line: match smtp m|^220 $| p/OpenBSD spamd/ will trigger incorrectly on match ftp m|^220 IB-21E Ver ([\d.]+) FTP server\.\r\n| p/Kyocera IB-21E ftpd/ v/$1/ d/print server/ I have not quite figured out why. When I remove the OpenBSD spamd entry it fingerprints correctly. Any thoughts? Tom Sellers _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- service-probe question: FTP services Tom Sellers (Feb 03)
- Re: service-probe question: FTP services doug (Feb 03)
- Re: service-probe question: FTP services Fyodor (Feb 03)
- Re: service-probe question: FTP services doug (Feb 03)
- Re: service-probe question: FTP services Fyodor (Feb 03)
- Re: service-probe question: FTP services doug (Feb 03)