Nmap Development mailing list archives
Re: Regarding "Windows XP identd" in nmap-service-probes (r2839)
From: Fyodor <fyodor () insecure org>
Date: Fri, 30 Jan 2009 19:55:58 -0800
On Fri, Jan 30, 2009 at 08:03:50PM -0600, Kris Katterjohn wrote:
Hmm.. many services have an official EOL of CRLF (which is why Ncat's -C comes in handy), so reading that keeping \r\n to specify Windows makes me a little uncomfortable. I just glanced over RFC 1413 and it in fact says that the EOL is CRLF (I searched for both "CR" and "LF" and didn't see any mention of an exception).
That is a good point, and I agree that it might match non-Windows services too. But the way version detection (and OS detection) is supposed to work is that we start with a rather strict match (both in the signature itself and in the specific naming). Then we broaden the signature when we get new submissions for the same service/OS which don't quite match it. That part works well. But we're also supposed to broaden the name/description based on correction reports. The problem is that we don't get many corrections :(. And I haven't figured out how to fix that (social) problem. Nmap already prints a line asking people to report any errors. But if Nmap reports Windows identd, and the target is actually Linux, most people just ignore it rather than submitting a report at http://nmap.org/submit/ :(. If we figure out how to increase the number of correction reports, we'll also solve the Windows identd issue :). Cheers, -F _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Regarding "Windows XP identd" in nmap-service-probes (r2839) Brandon Enright (Jan 30)
- Re: Regarding "Windows XP identd" in nmap-service-probes (r2839) Fyodor (Jan 30)
- Re: Regarding "Windows XP identd" in nmap-service-probes (r2839) Kris Katterjohn (Jan 30)
- Re: Regarding "Windows XP identd" in nmap-service-probes (r2839) Fyodor (Jan 30)
- Re: Regarding "Windows XP identd" in nmap-service-probes (r2839) Kris Katterjohn (Jan 31)
- Re: Regarding "Windows XP identd" in nmap-service-probes (r2839) Kris Katterjohn (Jan 30)
- Re: Regarding "Windows XP identd" in nmap-service-probes (r2839) Fyodor (Jan 30)