Nmap Development mailing list archives
Re: service misidentification
From: Daniel Miller <bonsaiviking () gmail com>
Date: Mon, 27 Jun 2016 09:30:47 -0500
Josh, I found that this was happening even with Terminal Services on port 3389. We had added port 3389 to the list of ports for the TLSSessionReq probe, which resulted in the "ssl" tunnel detection, but we don't have an appropriate followup probe to detect RDP after that. I removed it from the list of ports and detection was restored. This fix is in r35935. It's still listed in shortport.lua's list of SSL ports, so the ssl-*.nse scripts still work just fine. Dan On Fri, Jun 24, 2016 at 2:25 AM, Josh Amishav-Zlatin <jamuse () gmail com> wrote:
Hi Dan, Both versions are running on the same machine with the libdev-ssl 1.0.2g-1ubuntu4.1 installed. If its relevant, I can give you the IP I'm testing privately for you to recreate the issue. I've recreated the problem on 3 different machines. # ./nmap --version Nmap version 7.12SVN ( https://nmap.org ) Platform: x86_64-unknown-linux-gnu Compiled with: nmap-liblua-5.2.4 openssl-1.0.2g libpcre-8.38 libpcap-1.7.4 nmap-libdnet-1.12 ipv6 Compiled without: Available nsock engines: epoll poll select # ./nmap --version Nmap version 6.47 ( http://nmap.org ) Platform: x86_64-unknown-linux-gnu Compiled with: nmap-liblua-5.2.3 openssl-1.0.2g libpcre-8.38 libpcap-1.7.4 nmap-libdnet-1.12 ipv6 Compiled without: Available nsock engines: epoll poll select - Josh On Fri, Jun 24, 2016 at 3:23 AM, Daniel Miller <bonsaiviking () gmail com> wrote:Did you forget to install OpenSSL development headers? Try nmap --version to see. Dan On Jun 23, 2016 3:00 PM, "Josh Amishav-Zlatin" <jamuse () gmail com> wrote:When I run nmap v6.47 against an RDP server on a non-standard port, the service is correctly identified. However, when I run the same command using nmap 7.12SVN the service is not correctly identified. For example: #:/opt/nmap-6.47# ./nmap -A -p 33896 -Pn x.x.x.x ... PORT STATE SERVICE VERSION 33896/tcp open ms-wbt-server Microsoft Terminal Service #:/opt/nmap-7.12SVN# ./nmap -A -p 33896 -Pn x.x.x.x ... PORT STATE SERVICE VERSION 33896/tcp open ssl/unknown I've tried setting the --version-intensity to 9, but no joy. How can I debug and fix this issue? _______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
_______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- service misidentification Josh Amishav-Zlatin (Jun 23)
- Re: service misidentification Phil (Jun 23)
- Re: service misidentification Josh Amishav-Zlatin (Jun 23)
- Re: service misidentification Daniel Miller (Jun 23)
- Re: service misidentification Josh Amishav-Zlatin (Jun 24)
- Re: service misidentification Daniel Miller (Jun 27)
- Re: service misidentification Josh Amishav-Zlatin (Jun 27)
- Re: service misidentification Josh Amishav-Zlatin (Jun 29)
- Re: service misidentification Daniel Miller (Jun 29)
- Re: service misidentification Josh Amishav-Zlatin (Jun 24)
- Re: service misidentification Phil (Jun 23)