Nmap Development mailing list archives
Re: SMB related version detection updates
From: Daniel Miller <bonsaiviking () gmail com>
Date: Wed, 30 Mar 2016 09:12:48 -0500
Tom, Thanks for these updates! We occasionally get service fingerprints for SMB, but it can be hard to tell which parts of the response are relevant to the service version. Solid empirical results like these are very valuable. Dan On Wed, Mar 30, 2016 at 5:38 AM, Tom Sellers <nmap () fadedcode net> wrote:
FYI, Yesterday in commit 35748 I updated some SMB related match lines. The intent was to improve the scan results in preparation for dealing with Badlock. Fixed are certain matchlines that indicated a specific OS version such as 'Microsoft Windows NT netbios-ssn' that actually matched newer versions of Windows including 2012 R2. Matches that indicated Samba 3.x have been updated as they also match Samba 4.x as well. There are also a couple of new matchlines that help handle and capture data, particularly in cases where responses from Samba exactly match those from Windows. The changes were tested against Windows 7 and 8, Windows Server 2008, 2008 R2, 2012, 2012 R2 as well as Samba 3.6.x, 4.1.x, and Apple's current SMB fork. Tom _______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
_______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- SMB related version detection updates Tom Sellers (Mar 30)
- Re: SMB related version detection updates Daniel Miller (Mar 30)
- Re: SMB related version detection updates Royce Williams (Mar 30)
- <Possible follow-ups>
- RE: SMB related version detection updates nmap (Mar 30)