Nmap Development mailing list archives
Re: [PATCH] Beast Trojan service correction and probe
From: doug () hcsw org
Date: Fri, 7 Mar 2008 21:34:05 -0800
Hi Brandon, On Sat, Mar 08, 2008 at 12:45:24AM +0000 or thereabouts, Brandon Enright wrote:
I always hate removing probes though and backdoor/compromised machine detection is the primary reason why I use Nmap... So, I got a hold of a few different version of Beast and gave them a whirl. Attached is a patch that will properly match Beast v2.x. The 1.x series can not be matched by -sV because two messages have to be sent before a response is received.
Excellent work, thank you very much! I think I remember having some doubts about this match line and it is interesting to hear about the matching problems it causes. I've appled this patch to SVN. Thanks again, Doug
Attachment:
signature.asc
Description: Digital signature
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- [PATCH] Beast Trojan service correction and probe Brandon Enright (Mar 07)
- Re: [PATCH] Beast Trojan service correction and probe doug (Mar 07)