Nmap Development mailing list archives

Re: Regarding "Windows XP identd" in nmap-service-probes (r2839)


From: Kris Katterjohn <katterjohn () gmail com>
Date: Sat, 31 Jan 2009 13:02:45 -0600


Fyodor wrote:
> On Fri, Jan 30, 2009 at 08:03:50PM -0600, Kris Katterjohn wrote:
>> Hmm.. many services have an official EOL of CRLF (which is why Ncat's -C comes
>> in handy), so reading that keeping \r\n to specify Windows makes me a little
>> uncomfortable.  I just glanced over RFC 1413 and it in fact says that the EOL
>> is CRLF (I searched for both "CR" and "LF" and didn't see any mention of an
>> exception).
>
> That is a good point, and I agree that it might match non-Windows
> services too.  But the way version detection (and OS detection) is
> supposed to work is that we start with a rather strict match (both in
> the signature itself and in the specific naming).  Then we broaden the
> signature when we get new submissions for the same service/OS which
> don't quite match it.  That part works well.  But we're also supposed
> to broaden the name/description based on correction reports.  The
> problem is that we don't get many corrections :(.  And I haven't
> figured out how to fix that (social) problem.  Nmap already prints a
> line asking people to report any errors.  But if Nmap reports Windows
> identd, and the target is actually Linux, most people just ignore it
> rather than submitting a report at http://nmap.org/submit/ :(.
>
> If we figure out how to increase the number of correction reports,
> we'll also solve the Windows identd issue :).
>

You've inspired me to go around to new/updated equipment I have available to
me and scan them for any types of corrections (I've sent 3 so far).

I also encourage anybody with corrections available for submission to send it
in since it's very easy to do and takes only a little time.

> Cheers,
> -F

Thanks,
Kris Katterjohn
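
Added example (not part of the original message and not Nmap's code): a small RFC 1413 reply parser illustrating the point discussed above, that CRLF is the terminator the RFC requires, so a pattern keyed on it alone also matches a conformant non-Windows reply. The sample replies, the CRLF_KEYED pattern and all function names are constructed for illustration; the pattern is not the nmap-service-probes entry from r2839.

```python
import re

# RFC 1413 reply: "<port> , <port> : USERID : <opsys>[,<charset>] : <user-id>"
# or "<port> , <port> : ERROR : <error-type>", terminated by CR LF.
REPLY = re.compile(rb"""
    \A [ \t]* (\d{1,5}) [ \t]* , [ \t]* (\d{1,5}) [ \t]* : [ \t]*
    (?: USERID [ \t]* : [ \t]* (?P<opsys>[^,:\r\n]+?)
        (?: [ \t]* , [^:\r\n]* )? [ \t]* : (?P<user>[^\r\n]*)
      | ERROR [ \t]* : [ \t]* (?P<error>[^\r\n]+?) [ \t]* )
    (?P<eol>\r\n|\n)? \Z
""", re.VERBOSE)

# Hypothetical fingerprint pattern keyed only on the CRLF terminator
# (constructed here; NOT the entry discussed in the thread).
CRLF_KEYED = re.compile(
    rb"\A\d+[ \t]*,[ \t]*\d+[ \t]*:[ \t]*USERID[ \t]*:[^\r\n]*\r\n\Z")

# Constructed sample replies; the first and last follow the RFC 1413 examples.
SAMPLES = {
    "rfc_unix": b"6193, 23 : USERID : UNIX : stjohns\r\n",
    "win32":    b"1025, 113 : USERID : WIN32 : user\r\n",
    "bare_lf":  b"6193, 23 : USERID : UNIX : stjohns\n",
    "error":    b"6195, 23 : ERROR : NO-USER\r\n",
}

def parse_ident_reply(raw: bytes) -> dict:
    """Return reply kind, the self-reported opsys token and the terminator seen."""
    m = REPLY.match(raw)
    if m is None:
        raise ValueError("not an RFC 1413 reply")
    eol = {b"\r\n": "CRLF", b"\n": "LF", None: "none"}[m["eol"]]
    opsys = m["opsys"].decode("ascii", "replace") if m["opsys"] else None
    return {"kind": "USERID" if opsys else "ERROR", "opsys": opsys, "eol": eol}

def crlf_keyed_match(raw: bytes) -> bool:
    """True when the terminator-only pattern fires on this reply."""
    return CRLF_KEYED.match(raw) is not None

def survey() -> dict:
    """Per sample: (opsys, terminator, does the CRLF-keyed pattern fire?)."""
    out = {}
    for name, raw in SAMPLES.items():
        info = parse_ident_reply(raw)
        out[name] = (info["opsys"], info["eol"], crlf_keyed_match(raw))
    return out

if __name__ == "__main__":
    for name, row in survey().items():
        print(f"{name:9} opsys={row[0]!s:6} eol={row[1]:4} crlf_keyed={row[2]}")
```

The pattern fires on both the UNIX and WIN32 samples, so the terminator by itself carries no OS information for a conformant server; only the bare-LF reply, which deviates from the RFC, is told apart.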

