Nmap Development mailing list archives

Re: favicon survey script

From: Vlatko Kosturjak <kost () linux hr>
Date: Thu, 06 Aug 2009 22:37:39 +0200

David Fifield wrote:

The hash A8FE5B8AE2C445A33AC41B33CCC9A120 is by far the most common one
I found in my scanning, and I think in Brandon's too. Just like you
noted, it is really HTML text:
<html><head><title>Cannot find server</title></head><body>
<br>Access to this web page is currently unavailable.<P><HR></BODY></HTML>
It would be good to know what software produces this. There's an entry
in nmap-service-probes that matches it, for "Arris cm450 cable modem
http config". My guess is that it's probably broader than that, given
its prevalence.


I suspect it is some kind of small web server (for embeded devices).

From previous talks on this mailing list, it seems like http server

which doesn't respect HTTP protocol:
http://seclists.org/nmap-dev/2008/q2/0731.html

Kost

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

Current thread:

Re: favicon survey script, (continued)
- - - Re: favicon survey script kx (Aug 06)
    - Re: favicon survey script Joao Correa (Aug 06)
    - Re: favicon survey script Joao Correa (Aug 09)
    - Re: favicon survey script Joao Correa (Aug 09)
    - Re: favicon survey script Fyodor (Aug 10)
    - Re: favicon survey script Joao Correa (Aug 10)
    - Re: favicon survey script Joao Correa (Aug 10)
    - Re: favicon survey script Joao Correa (Aug 17)
    - Re: favicon survey script David Fifield (Aug 18)
    - Re: favicon survey script Joao Correa (Aug 28)
    - Re: favicon survey script Vlatko Kosturjak (Aug 06)
  - Re: favicon survey script doug (Aug 05)
    - Re: favicon survey script Vlatko Kosturjak (Aug 05)
- favicon viewer David Fifield (Aug 06)