Nmap Development mailing list archives
Re: More Service Detection Notes
From: "Brandon Enright" <bmenrigh () ucsd edu>
Date: Wed, 2 Aug 2006 21:10:29 -0000 (UTC)
Fyodor wrote:
On Tue, Jul 25, 2006 at 10:19:22PM -0700, doug () hcsw org wrote:

Thanks to Google's Summer of Code I was again able to spend the last week integrating your service detection submissions! Thank you to everybody who submitted.

Yay! To you and the submitters. The updates will be in the next release.

As usual, I've added a blog entry with an edited selection of my notes: http://www.hcsw.org/blog.pl?a=19&b=19 I discuss Skype 2.0, Cisco ACNS, protocols that consider remote source ports, outbound filtered tcp/25, and more.

But the best part is the gallery of bizarre service banners :). Watch out for the Browser Sux Error! BTW, I noticed that the Haxdoor trojan signature mentioned in your blog seems to be missing a p// element. So I added one (after a bit of Googling):

-match backdoor m|^A-311 Death welcome\x001\.87| i/**BACKDOOR**/ o/Windows/ +match backdoor m|^A-311 Death welcome\x001\.87| p/Haxdoor trojan/ i/**BACKDOOR**/ o/Windows/

Cheers,
-F
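Review bot: the regex on the +match line still ends in the literal version 1\.87, so the new p/Haxdoor trojan/ label is only applied to banners carrying exactly that version string, and the version itself is never reported. Consider capturing the digits instead of hard-coding them, for example something like m|^A-311 Death welcome\x00(\d\.\d+)| with a v/$1/ field next to p//, so banners with a different version still match and the version appears in the scan output.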
This pattern looks to be too specific to match all versions of Haxdoor. One of our hosts just returned "A-311\x20Death\x20welcome\x001\.88E!". Perhaps the entry should be changed to:

match backdoor m|^A-311 Death welcome\x001| p/Haxdoor trojan/ i/**BACKDOOR**/ o/Windows/

Brandon

--
Brandon Enright
Network Security Analyst
UCSD ACS/Network Operations
bmenrigh () ucsd edu

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
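Added example (not part of the original messages and not Nmap's own code): a minimal Python parser for the two match directives quoted in this thread, run against constructed banners to show which ones each directive covers. The banner bytes are assumptions decoded from the escaped string Brandon quotes, the helper names are hypothetical, and only the single-letter info fields are handled.

```python
import re

# The two directives quoted in the thread (nmap-service-probes syntax).
PINNED = r"match backdoor m|^A-311 Death welcome\x001\.87| p/Haxdoor trojan/ i/**BACKDOOR**/ o/Windows/"
RELAXED = r"match backdoor m|^A-311 Death welcome\x001| p/Haxdoor trojan/ i/**BACKDOOR**/ o/Windows/"

# Constructed sample banners (not captured traffic).
BANNERS = {
    "1.87": b"A-311 Death welcome\x001.87",     # built to fit the pinned pattern
    "1.88": b"A-311 Death welcome\x001.88E!",   # Brandon's escaped banner, decoded (assumption)
    "smtp": b"220 mail.example.org ESMTP\r\n",  # unrelated service
}

def parse_match(line):
    """Split a 'match' directive into (service, compiled regex, info fields)."""
    directive, service, rest = line.split(" ", 2)
    if directive != "match" or not rest.startswith("m"):
        raise ValueError("not a match directive")
    delim = rest[1]                      # the delimiter is whatever follows 'm'
    end = rest.index(delim, 2)
    pattern, tail = rest[2:end], rest[end + 1:]
    opts = tail.split(" ", 1)[0]         # optional 'i' / 's' right after the regex
    flags = (re.IGNORECASE if "i" in opts else 0) | (re.DOTALL if "s" in opts else 0)
    # Info fields look like p/.../ v/.../ i/.../ o/.../ with a free choice of delimiter.
    found = re.findall(r"(?:^|\s)([pvihod])(\S)(.*?)\2", tail[len(opts):])
    fields = {name: value for name, _, value in found}
    # Banners are raw bytes, so compile the pattern as a bytes regex.
    return service, re.compile(pattern.encode("latin-1"), flags), fields

def identify(banner, match_lines):
    """Return (service, fields) for the first directive that matches, else None."""
    for line in match_lines:
        service, regex, fields = parse_match(line)
        if regex.search(banner):
            return service, fields
    return None

def coverage(match_line):
    """Map each sample banner name to whether the directive identifies it."""
    return {name: identify(b, [match_line]) is not None for name, b in BANNERS.items()}

if __name__ == "__main__":
    for label, line in (("pinned", PINNED), ("relaxed", RELAXED)):
        print(label, coverage(line))
```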