Nmap Development mailing list archives
Re: Kerberos probes for nmap
From: Patrik Karlsson <patrik () cqure net>
Date: Sun, 13 Dec 2009 06:46:40 +0100
On 13 dec 2009, at 01.25, David Fifield wrote:
> On Sat, Nov 28, 2009 at 09:20:53PM +0100, Patrik Karlsson wrote:
> > I noticed that Kerberos gets detected fine when running against Windows but my Heimdal hosts are not detected. Running over TCP the RPCCheck probe seems to trigger an answer. Here's the signature:
> >
> > SF-Port88-TCP:V=5.10BETA1%I=7%D=11/28%Time=4B1181BB%P=i386-apple-darwin10.2.0%r(RPCCheck,55,"\0\0\0Q~O0M\xa0\x03\x02\x01\x05\xa1\x03\x02\x01\x1e\xa4\
> > SF:x11\x18\x0f20091128200203Z\xa5\x05\x02\x03\x08i@\xa6\x03\x02\x01=\xa9\x
> > SF:15\x1b\x13<unspecified\x20realm>\xaa\x0b0\t\xa0\x03\x02\x01\0\xa1\x020\
> > SF:0");
>
> Thanks for checking this out. If the RPCCheck probe gets a response, then let's just add another match line instead of a whole new probe. Just follow the instructions at
>
> http://insecure.org/cgi-bin/submit.cgi?new-service
>
> Those submissions are due to be processed soon.
>
> It would be worth adding a new probe if the new probe could provide a lot more information, like a version number or server name. And then, it's best to make the match specific at first. Otherwise people will see "Kerberos" in the output and think, "good enough," and not submit fingerprints that might allow us to be more discriminating.
>
> David Fifield
Hi David,

I submitted the signature per your request. However, it's only valid for TCP which wasn't clear in my first post. Scanning port 88/UDP does currently not trigger any response at all, which was the main reason for submitting my previous patch.

--
Patrik Karlsson
http://www.cqure.net

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
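What the RPCCheck response quoted in this message contains, as an added example that is not part of the original thread or of nmap: the script joins the `SF:` continuation lines, unescapes the payload, and parses it as a TCP-framed KRB-ERROR (RFC 4120), which shows the fields a specific match line could key on. The function names are this example's own, and the sname field is skipped.

```python
import re

# Fingerprint as quoted in the thread; nmap wraps it with "SF:" continuations.
FINGERPRINT = r'''SF-Port88-TCP:V=5.10BETA1%I=7%D=11/28%Time=4B1181BB%P=i386-apple-darwin10.2.0%r(RPCCheck,55,"\0\0\0Q~O0M\xa0\x03\x02\x01\x05\xa1\x03\x02\x01\x1e\xa4\
SF:x11\x18\x0f20091128200203Z\xa5\x05\x02\x03\x08i@\xa6\x03\x02\x01=\xa9\x
SF:15\x1b\x13<unspecified\x20realm>\xaa\x0b0\t\xa0\x03\x02\x01\0\xa1\x020\
SF:0");'''
SIMPLE = {"0": 0, "t": 9, "n": 10, "r": 13, "\\": 92, '"': 34}  # one-char escapes

def response_bytes(fp):
    """Join SF: continuation lines and unescape the r(Probe,len,"...") payload."""
    joined = fp.replace("\nSF:", "")  # a wrap may split an escape such as \x11
    declared, body = re.search(r'%r\(\w+,([0-9A-Fa-f]+),"(.*)"\);', joined).groups()
    data = re.sub(r'\\(x[0-9a-fA-F]{2}|.)',
                  lambda m: chr(int(m[1][1:], 16) if len(m[1]) == 3 else SIMPLE[m[1]]),
                  body).encode("latin-1")
    if len(data) != int(declared, 16):  # the length in r(...) is hexadecimal
        raise ValueError("mis-joined or truncated fingerprint")
    return data

def tlv(buf, pos=0):
    """Read one DER TLV (definite length); return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("TLV runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def parse_krb_error(data):
    """Decode a TCP-framed KRB-ERROR (RFC 4120, section 5.9.1) into named fields."""
    if int.from_bytes(data[:4], "big") != len(data) - 4:
        raise ValueError("bad 4-byte TCP length prefix")
    tag, body, _ = tlv(data, 4)
    if tag != 0x7E:  # [APPLICATION 30] marks a KRB-ERROR
        raise ValueError("not a KRB-ERROR")
    names = {0: "pvno", 1: "msg-type", 4: "stime", 5: "susec", 6: "error-code", 9: "realm"}
    seq, out, pos = tlv(body)[1], {}, 0
    while pos < len(seq):
        ctx, inner, pos = tlv(seq, pos)  # context tag [n] wrapping the real value
        if (ctx & 0x1F) in names:
            t, val, _ = tlv(inner)
            out[names[ctx & 0x1F]] = int.from_bytes(val, "big") if t == 0x02 else val.decode("ascii")
    return out

if __name__ == "__main__":
    print(parse_krb_error(response_bytes(FINGERPRINT)))
```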