Nmap Development mailing list archives
Re: bizarre false positive (?) in service detection
From: Brandon Enright <bmenrigh () ucsd edu>
Date: Fri, 13 Apr 2007 18:23:36 +0000
On Fri, 13 Apr 2007 11:33:27 -0500 "DePriest, Jason R." <jrdepriest () gmail com> wrote: ... snip ...
But the signature for the service did have this bit added to it that was missing without the EHLO probe: (hello,2E,"220\x20\x20DP-6020\r\n250-Hello\r\n250-DSN\r\n250\x20CONNEG\r\n")
Okay I've attached a patch against the svn version of nmap-service-probes. It produces output like this: ----------------------------------------- $ sudo ./nmap -sV --datadir=. 127.0.0.1 Starting Nmap 4.21ALPHA4 ( http://insecure.org ) at 2007-04-13 18:13 UTC Interesting ports on localhost (127.0.0.1): Not shown: 1701 closed ports PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 4.5 (protocol 2.0) 25/tcp open smtp Panasonic smtpd DP-6020 (Panasonic printer) 902/tcp open ssl/vmware-auth VMware GSX Authentication Daemon 1.10 (Uses VNC) Service Info: Device: printer Service detection performed. Please report any incorrect results at http://insecure.org/nmap/submit/ . Nmap finished: 1 IP address (1 host up) scanned in 6.141 seconds ---------------------------------------- I don't know enough about Fyodor or Doug's philosophy on what is a reasonable addition to the service probes file to comment on whether or not this patch will make it into any release. It should work for you though. Brandon
Attachment:
printer.diff
Description:
Attachment:
signature.asc
Description:
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- bizarre false positive (?) in service detection DePriest, Jason R. (Apr 12)
- Re: bizarre false positive (?) in service detection DePriest, Jason R. (Apr 12)
- Re: bizarre false positive (?) in service detection Brandon Enright (Apr 12)
- Re: bizarre false positive (?) in service detection DePriest, Jason R. (Apr 12)
- Re: bizarre false positive (?) in service detection DePriest, Jason R. (Apr 13)
- Re: bizarre false positive (?) in service detection Brandon Enright (Apr 13)
- Re: bizarre false positive (?) in service detection DePriest, Jason R. (Apr 13)
- Re: bizarre false positive (?) in service detection Brandon Enright (Apr 13)
- Re: bizarre false positive (?) in service detection doug (Apr 13)
- Re: bizarre false positive (?) in service detection Brandon Enright (Apr 12)
- Re: bizarre false positive (?) in service detection DePriest, Jason R. (Apr 12)