Nmap Development mailing list archives
Re: [patch] SecurID Administration daemon match
From: David Fifield <david () bamsoftware com>
Date: Sat, 12 Dec 2009 00:49:24 -0700
On Mon, Nov 30, 2009 at 06:22:52PM -0500, Matt Selsky wrote:
Add match for RSA SecurID Administration Daemon. This is based on the contents of the SSL certificate returned by the daemon. diff --git a/nmap-service-probes b/nmap-service-probes index 7e6d9e0..808f263 100644 --- a/nmap-service-probes +++ b/nmap-service-probes @@ -6550,6 +6550,8 @@ match tor m|^\x16\x03\0\0\*\x02\0\0&\x03\0.*T[oO][rR]1.*[\x00-\x20]([-\w_.]+) <i match ssl/sophos m|^\x16\x03\0.*Router\$([a-zA-Z0-9_-]+).*Sophos EM Certification Manager|s p/Sophos Message Router/ h/$1/ match ssl/sophos m|^\x16\x03\0.*Sophos EM Certification Manager|s p/Sophos Message Router/ +match sdadmind m|Security Dynamics Technologies, Inc. Primary CA Root 10\x1e\x17\r011002154405Z\x17\r210927154405Z041200\x06\x03U\x04\x03\x13\)Security Dynamics Technologies ACE/Server| p/SecurID Administration Daemon/ + # Generic: TLSv1 Handshake error match ssl m|^\x15\x03\0\0\x02\x02\($| p/TLSv1/
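Review bot: the added `match sdadmind` line pins the certificate's validity timestamps (`011002154405Z` and `210927154405Z`) inside the pattern, so it only fires for that one certificate. An installation that presents a certificate with different dates will fall through to the generic matches. Consider keeping the two literal strings ("Security Dynamics Technologies, Inc. Primary CA Root 1" and "Security Dynamics Technologies ACE/Server") and relaxing the bytes between them, which would also need the `s` flag that the `ssl/sophos` lines above use. The pattern is also unanchored, whereas the neighbouring matches start at `^\x16\x03\0`, and the `.` after `Inc` is unescaped, so it matches any character; `Inc\.` would be exact. Finally, the service name is plain `sdadmind` while the adjacent entries use the `ssl/` prefix. Which form is right depends on whether the daemon is actually SSL-wrapped, and that is worth stating in the commit message.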
Does version detection return a result or a fingerprint for this service after reconnecting with SSL? Is it really an SSL-wrapped service, or does it just happen to respond to the SSLSessionReq probe?
David Fifield