Re: Service Detection: Goverlan Remote Administration Suite by PJ Technologies

[Brandon Enright <bmenrigh () ucsd edu>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, 11 Jun 2008 18:00:20 -0500 or thereabouts Tom Sellers
<nmap () fadedcode net> wrote:

> I have attached a match line that detects the client side Agent
> of the Goverlan Remote Administration Suite.  This portion allows
> for remote control (similar to VNC) as well as host management.  The
> product page can be found here:
>
> http://www.pjtec.com/GoverLAN/index.htm
>
> The client portion listens on TCP 21157, 21158 or 21158 and responds
> to the GetRequest probe.
>
> Tom

Tom,

Looks good.  Sorry to bug you with a few more questions about this
match.

* You don't have a anchor (zero-width assertion) in your match.  Can ^
or $ be added to the match?  Failed matches on expressions without
anchors can be very expensive.  Even something like ^.?.?.?.?<regex>
will speed up failed matches many orders of magnitude if there is a
variable (but short) preamble to where your expression matches.

* You said this will match a GetRequest probe.  Is the "HT" a truncated
version of "HTTP" or something entirely different?

Brandon

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)

iEYEARECAAYFAkhQXNUACgkQqaGPzAsl94Jw7gCeODyOb56vkOtFLo0O5sLQYjU4
RBsAoLdmgRSWCldwdXpE3V0L8RIP+h5D
=HSVQ
-----END PGP SIGNATURE-----

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org