Nmap Development mailing list archives

Corrections to nmap-service-probes


From: doug () hcsw org
Date: Tue, 3 Feb 2009 23:51:58 +0000

Hi nmap-dev,

I just checked in some changes to nmap-service-probes that are
the results of corrections sent to the submitter. These are
very important in order to ensure the accuracy of the probes file,
so a big thank you to everyone who sent corrections.

Highlights:

* Some devices embed thttpd but strip the version information.
  Since it turns out multiple devices do this, I removed a
  specific device match line and converted it into a more
  general thttpd match line.

* Latest dovecot pop3d doesn't show banner but spits out
  uniqueish errors to GenericLines

* False positive: Billion aDSL was actually D-Link aDSL

* False positive: Netgear WAP http config port was actually
  Linksys WAP

* False positive: Netgear broadband router ftp and
  telnet ports were actually from ZyXel VoIP adapter




Wasn't able to fix these:

* false positive for 23/tcp open  nessus  syn-ack Nessus Daemon (NTP v1.0)
  is actually telnetd of integrated lights-out management processor card in an HP Integrity rx2600

NSOCK (104.0660s) msevent_new (IOD #20) (EID #1082)
...
NSOCK (104.0750s) Callback: READ SUCCESS for EID 1082 [X.X.X.X:23] (27 bytes): < NTP/1.0 >...MP password:

  Looks like it echoes back the probe at least sometimes? Strange



* 445/tcp open  microsoft-ds syn-ack Microsoft Windows XP microsoft-ds
  but OS is Windows 2000 SP4 Rollup 1, thus port 445 TCP cannot be Windows XP microsoft-ds

  Anyone know more about this service and/or have enough windows machines
  to test this service in bulk? The relevant match lines are in Probe TCP SMBProgNeg


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
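
The echo suspected in the NSOCK trace above can be tested for mechanically when reviewing a match line. The following is an added example, not part of the original message or of Nmap's code: it flags a pattern whose matched bytes lie entirely inside an echo of the probe. The probe bytes, the response bytes and both patterns are constructed assumptions modelled on the trace.

```python
import re

# Constructed sample modelled on the NSOCK trace in the message. The probe
# bytes, the response bytes and both patterns are assumptions for this example,
# not lines taken from nmap-service-probes.
PROBE = b"< NTP/1.0 >\n"
RESPONSE = b"< NTP/1.0 >\r\n\nMP password: "
BANNER_ONLY = re.compile(rb"^< NTP/1\.0 >")
WITH_PROMPT = re.compile(rb"^< NTP/1\.0 >\s+MP password:")


def echoed_prefix_len(probe: bytes, response: bytes) -> int:
    """Length of the leading part of response that just repeats the probe.

    Line endings are ignored because a telnet-style echo may rewrite them.
    """
    core = probe.rstrip(b"\r\n")
    if core and response.startswith(core):
        return len(core)
    return 0


def classify(probe: bytes, response: bytes, pattern: re.Pattern) -> str:
    """Return 'no-match', 'echo-only' or 'match' for one probe/response pair."""
    m = pattern.search(response)
    if m is None:
        return "no-match"
    echo_len = echoed_prefix_len(probe, response)
    # If every matched byte lies inside the echoed probe, the pattern has
    # learned nothing about the service: any echoing listener satisfies it.
    if echo_len and m.end() <= echo_len:
        return "echo-only"
    return "match"


if __name__ == "__main__":
    for name, pat in (("banner only", BANNER_ONLY), ("with prompt", WITH_PROMPT)):
        print(f"{name:12} -> {classify(PROBE, RESPONSE, pat)}")
```

A pattern reported as `echo-only` needs to anchor on bytes the service itself produced before it can separate one echoing listener from another.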
