Re: [PATCH] Beast Trojan service correction and probe

[doug () hcsw org]

Hi Brandon,

On Sat, Mar 08, 2008 at 12:45:24AM +0000 or thereabouts, Brandon Enright wrote:

> I always hate removing probes though and backdoor/compromised machine
> detection is the primary reason why I use Nmap...  So, I got a hold of a
> few different version of Beast and gave them a whirl.  Attached is a
> patch that will properly match Beast v2.x.  The 1.x series can not be
> matched by -sV because two messages have to be sent before a response
> is received.

Excellent work, thank you very much! I think I remember having some
doubts about this match line and it is interesting to hear about the
matching problems it causes. I've appled this patch to SVN.

Thanks again,

Doug

Attachment: signature.asc
Description: Digital signature

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org