Nmap Development mailing list archives
OpenSSH hpn detection
From: Matt Selsky <selsky () columbia edu>
Date: Tue, 30 Oct 2007 01:55:12 -0400
When I updated to the 2007q3 service-probes in SVN r5980, I started having service info problems. # ./nmap -O -p22,23 -sV mustard Starting Nmap 4.22SOC8 ( http://insecure.org ) at 2007-10-30 01:37 EDT Interesting ports on mustard (xx.xx.xx.xx): PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 4.7p1-hpn12v17 (protocol 2.0) 23/tcp closed telnet Device type: general purpose Running (JUST GUESSING) : Sun Solaris 9|10 (90%) Aggressive OS guesses: Sun Solaris 9 or 10 (SPARC) (90%), Sun Solaris 9 or 10 (89%), Sun Solaris 9 (SPARC) (88%) No exact OS matches for host (test conditions non-ideal). Uptime: 24.216 days (since Fri Oct 5 20:26:49 2007) Network Distance: 7 hops Service Info: OS: HP-UX OS and Service detection performed. Please report any incorrect results at http://insecure.org/nmap/submit/ . Nmap done: 1 IP address (1 host up) scanned in 17.299 seconds This device is in fact running Solaris 9/SPARC. The problem seems to be that an OpenSSH with "-hpn" in the version string now assumes "o/HP-UX/". The -hpn string comes from the High Performance Networking patches for OpenSSH (http://www.psc.edu/networking/projects/hpn-ssh/) and has nothing to do with HP-UX. Also the -hpn should have a number after it, but not all of the service fingerprints do. I guess those are from a different set of OpenSSH patches? -- Matt _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- OpenSSH hpn detection Matt Selsky (Oct 29)
- Re: OpenSSH hpn detection Kris Katterjohn (Oct 29)
- Re: OpenSSH hpn detection Arturo 'Buanzo' Busleiman (Oct 30)
- Re: OpenSSH hpn detection Matt Selsky (Oct 30)
- RE: OpenSSH hpn detection Dario Ciccarone (dciccaro) (Oct 30)
- Re: OpenSSH hpn detection doug (Oct 30)
- Re: OpenSSH hpn detection Kris Katterjohn (Oct 29)