Nmap Development mailing list archives

Re: Famatech RAdmin fingerprint probe and match set

From: Fyodor <fyodor () insecure org>
Date: Sat, 12 Jan 2008 19:53:04 -0800

On Tue, Jan 08, 2008 at 07:04:28PM -0600, Tom Sellers wrote:

I have generated a Probe/Match combination for the RAdmin remote
control software.


Thanks Tom!  Usually Doug handles these, but he hasn't responded to
your message and so I integrated them.  If he has improvement ideas,
he can alwasy check them in.  I made a few changes to your entry:

o Added rarity 8 so that this is only done against port 4899 (unless --version-all is used)
o Moved the version number into v// section
o Changed RAdmin to Radmin since the latter is how the company seems to capitalize it
o Qualified Radmin with Famatech company name
o Removed "remote control software" from product name.  This was a
  tough decision since it can be useful for people who aren't familiar
  with the service.  But the signature text is already quite long
  without that.
o s/Using // (save space)
o Removed the generic match, since it is better for us to print a 
o Changed the generic match line to a softmatch so we still print a
  fingerprint, as we would like a user to submit this with the proper
  version information and such.

Here is the new entry in SVN:

Probe TCP Radmin q|\x01\x00\x00\x00\x01\x00\x00\x00\x08\x08|
ports 4899
rarity 8

match radmin m|^\x01\x00\x00\x00\x25\x09\x00\x01\x10\x08\x01\x00\x09\x08| p/Famatech Radmin/ v/2.X/ o/Windows/ 
i/Windows Authentication/
match radmin m|^\x01\x00\x00\x00\x25\x0a\x00\x01\x10\x08\x01\x00\x0a\x08| p/Famatech Radmin/ v/2.X/ o/Windows/ i/Radmin 
Authentication/
match radmin m|^\x01\x00\x00\x00\x25\x00\x00\x02\x12\x08\x02\x00\x00\x0a| p/Famatech Radmin/ v/3.X/ o/Windows/ i/Radmin 
Authentication/
match radmin m|^\x01\x00\x00\x00\x25\x71\x00\x02\x12\x08\x02\x00\x71\x0a| p/Famatech Radmin/ v/3.X/ o/Windows/ 
i/Windows Authentication/

softmatch radmin m|^\x01\x00\x00\x00\x25| p/Famatech Radmin/ o/Windows/


If you can update your SVN and give it a try, that would be great!

Thanks again,
-F

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

Current thread:

Famatech RAdmin fingerprint probe and match set Tom Sellers (Jan 08)
- Re: Famatech RAdmin fingerprint probe and match set Fyodor (Jan 12)
  - Re: Famatech RAdmin fingerprint probe and match set doug (Jan 13)