Nmap Development mailing list archives

Re: bizarre false positive (?) in service detection


From: Brandon Enright <bmenrigh () ucsd edu>
Date: Fri, 13 Apr 2007 18:23:36 +0000

On Fri, 13 Apr 2007 11:33:27 -0500
"DePriest, Jason R." <jrdepriest () gmail com> wrote:
... snip ...


But the signature for the service did have this bit added to it that
was missing without the EHLO probe:
(hello,2E,"220\x20\x20DP-6020\r\n250-Hello\r\n250-DSN\r\n250\x20CONNEG\r\n")


Okay I've attached a patch against the svn version of nmap-service-probes.

It produces output like this:

-----------------------------------------
$ sudo ./nmap -sV --datadir=. 127.0.0.1              

Starting Nmap 4.21ALPHA4 ( http://insecure.org ) at 2007-04-13 18:13 UTC
Interesting ports on localhost (127.0.0.1):
Not shown: 1701 closed ports
PORT    STATE SERVICE         VERSION
22/tcp  open  ssh             OpenSSH 4.5 (protocol 2.0)
25/tcp  open  smtp            Panasonic smtpd DP-6020 (Panasonic printer)
902/tcp open  ssl/vmware-auth VMware GSX Authentication Daemon 1.10 (Uses VNC)
Service Info: Device: printer

Service detection performed. Please report any incorrect results at http://insecure.org/nmap/submit/ .
Nmap finished: 1 IP address (1 host up) scanned in 6.141 seconds
----------------------------------------

I don't know enough about Fyodor or Doug's philosophy on what is a
reasonable addition to the service probes file to comment on whether or not
this patch will make it into any release.  It should work for you though.

Brandon

Attachment: printer.diff

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
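
Added example, not part of the message above and not the contents of printer.diff (which the archive does not show): a small Python sketch of how an nmap-service-probes match line turns the quoted EHLO response into the VERSION column seen in the scan output. The match line is constructed for illustration, and the helper names parse_match, apply_match and version_string are hypothetical.

```python
import re

# Response to the EHLO probe, unescaped from the fingerprint quoted in the thread.
RESPONSE = b"220  DP-6020\r\n250-Hello\r\n250-DSN\r\n250 CONNEG\r\n"

# Constructed match line in nmap-service-probes syntax (an assumption, NOT the
# contents of printer.diff, which the archive page does not show).
MATCH_LINE = (r"match smtp m|^220  (DP-\d+)\r\n250-Hello\r\n250-DSN\r\n250 CONNEG\r\n|"
              r" p/Panasonic smtpd/ v/$1/ i/Panasonic printer/ d/printer/")

def parse_match(line):
    """Split a match directive into service, compiled regex and version fields."""
    directive, service, rest = line.split(" ", 2)
    if directive != "match" or not rest.startswith("m"):
        raise ValueError("not a match directive")
    end = rest.index(rest[1], 2)             # closing delimiter of m|...|
    pattern, tail = rest[2:end], rest[end + 1:]
    opts, _, info = tail.partition(" ")      # optional i/s flags, then the fields
    flags = (re.I if "i" in opts else 0) | (re.S if "s" in opts else 0)
    # Each version field is a one-letter key followed by a delimited template.
    fields = {m.group(1): m.group(3)
              for m in re.finditer(r"(?:^|\s)([pvihod])(\S)(.*?)\2", info)}
    return service, re.compile(pattern.encode(), flags), fields

def apply_match(line, response):
    """Return (service, fields with $N expanded), or None if the regex misses."""
    service, regex, fields = parse_match(line)
    m = regex.search(response)
    if m is None:
        return None
    def expand(template):
        return re.sub(r"\$(\d)",
                      lambda g: (m.group(int(g.group(1))) or b"").decode("latin-1"), template)
    return service, {k: expand(v) for k, v in fields.items()}

def version_string(fields):
    """Format fields as the VERSION column does: product version (info)."""
    parts = [fields.get("p", ""), fields.get("v", "")]
    if fields.get("i"):
        parts.append("(%s)" % fields["i"])
    return " ".join(p for p in parts if p)

if __name__ == "__main__":
    service, fields = apply_match(MATCH_LINE, RESPONSE)
    print(service, version_string(fields), "Device:", fields["d"])
    # Constructed generic banner: the anchored pattern must not claim it.
    print(apply_match(MATCH_LINE, b"220 mail.example.com ESMTP Postfix\r\n"))
```

Anchoring the pattern on the full multi-line response, as this constructed line does, is what keeps such a match from firing on unrelated SMTP banners.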
