Nmap Development mailing list archives
Re: Service Detection: Goverlan Remote Administration Suite by PJ Technologies
From: Brandon Enright <bmenrigh () ucsd edu>
Date: Wed, 11 Jun 2008 23:16:36 +0000
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wed, 11 Jun 2008 18:00:20 -0500 or thereabouts Tom Sellers <nmap () fadedcode net> wrote:
I have attached a match line that detects the client side Agent of the Goverlan Remote Administration Suite. This portion allows for remote control (similar to VNC) as well as host management. The product page can be found here: http://www.pjtec.com/GoverLAN/index.htm The client portion listens on TCP 21157, 21158 or 21158 and responds to the GetRequest probe. Tom
Tom, Looks good. Sorry to bug you with a few more questions about this match. * You don't have a anchor (zero-width assertion) in your match. Can ^ or $ be added to the match? Failed matches on expressions without anchors can be very expensive. Even something like ^.?.?.?.?<regex> will speed up failed matches many orders of magnitude if there is a variable (but short) preamble to where your expression matches. * You said this will match a GetRequest probe. Is the "HT" a truncated version of "HTTP" or something entirely different? Brandon -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (GNU/Linux) iEYEARECAAYFAkhQXNUACgkQqaGPzAsl94Jw7gCeODyOb56vkOtFLo0O5sLQYjU4 RBsAoLdmgRSWCldwdXpE3V0L8RIP+h5D =HSVQ -----END PGP SIGNATURE----- _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Service Detection: Goverlan Remote Administration Suite by PJ Technologies Tom Sellers (Jun 11)
- Re: Service Detection: Goverlan Remote Administration Suite by PJ Technologies Brandon Enright (Jun 11)