Nmap Development mailing list archives
Re: Lexmark matches
From: Patrik Karlsson <patrik () labb1 com>
Date: Tue, 12 Jan 2010 22:35:41 +0100
On 12 jan 2010, at 21.59, David Fifield wrote:
On Mon, Jan 04, 2010 at 11:05:46AM +0100, Patrik Karlsson wrote:Hi, I recently purchased a new Lexmark printer. I have added match lines for FTP and port 9100/udp that gets detected by the NTPRequest probe. Port 9100/udp should be running the hbn3 protocol according to: http://www.lexmark.com/vgn/images/portal/Security%20Features%20of%20Lexmark%20MFPs%20v1_1.pdfHmm, this HBN3 protocol is mysterious.
Indeed.
"Lexmark 7500 Series Printer - GPL?" http://blog.trumpton.org.uk/2008/12/lexmark-x7500-multi-function-printer.html "Lexmark Reverse Engineering Project" http://www.awakecoding.com/index.php?view=article&id=9 "Lexmark x4690 Reverse Engineering" http://www.binrev.com/forums/index.php/topic/40882-lexmark-x4690-reverse-engineering/ As best as I can tell, the "HBN3" running on TCP and UDP is different. The web pages say that 9100/tcp looks like JetDirect and you've found that 9100/udp looks like mDNS.
Yes, the protocols on tcp and udp are different, but I have not done that much digging to be quite honest. I left tcpdump running when installing the drivers just to see how discovery was done. What I do know is that 9100/tcp is also used when scanning over the network.
I committed your patch. I used your provisional name of hbn3 for the servive, but if it turns out to really be mDNS then we can relabel it.
Sounds good!
That's one of the things I like about Nmap, when it can cut through the marketing speak and determine that some whiz-bang administrative protocol is really Telnet or something like that.
I agree, that really is impressive. I also like how probes for a particular protocol end up triggering responses for some completely different protocol.
I'm looking at the HBN3 script now. David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
//Patrik -- Patrik Karlsson http://www.cqure.net _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Lexmark matches and script Patrik Karlsson (Jan 04)
- Re: Lexmark matches David Fifield (Jan 12)
- Re: Lexmark matches Patrik Karlsson (Jan 12)
- Re: Lexmark script David Fifield (Jan 12)
- Re: Lexmark script Patrik Karlsson (Jan 13)
- Re: Lexmark script David Fifield (Jan 22)
- Re: Lexmark script Patrik Karlsson (Jan 23)
- Re: Lexmark script David Fifield (Jan 29)
- Re: Lexmark script Patrik Karlsson (Jan 13)
- Re: Lexmark matches David Fifield (Jan 12)