Misc. Barracuda service stuff

[Brandon Enright <bmenrigh () ucsd edu>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The fingerprint submission page doesn't seem flexible enough for
corrections and discussions so here goes:

We have a bunch of Barracuda "Spam Firewall" products on campus
(http://www.barracudanetworks.com/ns/products/spam_overview.php).

Their webserver always fingerprints as:

80/tcp  open  http     syn-ack Barracuda Networks Load Balancer http config 1.00
443/tcp open  ssl/http syn-ack Barracuda Networks Load Balancer http config 1.00

Service Info: Device: load balancer

Barracuda Networks also makes load balancers and my guess is that they
use nearly the same login page for both.  It isn't exact though because
the Spam appliances always have "Barracuda Spam Firewall" on their
login page.  This match line could be made more generic or I'd be happy
to provide a fix for the match to properly recognize their spam
products web pages.

Also, the SMTP services aren't currently recognized and their banner is
always some variation of:

^220\x20some.host.name\x20ESMTP\x20\(32_hex_digits\)

Here is one of the hex strings: 504a23141b4a41b5b4e49d39ff99a051

I suspect the hex string relates to the firmware version but I haven't
been able to verify that.


I'd be happy to submit a patch to fix things up as best I can or if
someone else wants to tackle it, I can provide any necessary banners to
help clean things up.  My concern is that since I don't have access to
other Barracuda products, I can't really check to see if I screw up
their fingerprinting.

Brandon

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.7 (GNU/Linux)

iD8DBQFH0ISMqaGPzAsl94IRApk1AJwMwKlsrOFcA+MrxaTw60fNNVFLigCgmKgd
405ofSPAr8akJvVYgN5RsIY=
=q4NW
-----END PGP SIGNATURE-----

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org