Nmap Development mailing list archives

Re: [NSE] nat-pmp-info


From: David Fifield <david () bamsoftware com>
Date: Tue, 28 Sep 2010 12:28:14 -0700

On Tue, Sep 28, 2010 at 09:02:22PM +0200, Patrik Karlsson wrote:

On 28 sep 2010, at 18.42, David Fifield wrote:

This is good. Did you submit the service fingerprint? I think it's good
to add a match line in the same release as the new script. So please
send the fingerprint to the list, or if you want to you can add the
match line yourself. Just add it to the first probe that gets a
response. I think this should be made into a UDP payload too, but I can
do that after seeing the version probe.

David Fifield

These are the fingerprints:

* natpmp daemon on Linux
SF-Port5351-UDP:V=5.35DC18%I=7%D=9/28%Time=4CA2300F%P=i386-apple-darwin10.4.0%r(RPCCheck,8,"\0\xfe\0\x01\0\0\0\x07")%r(DNSVersionBindReq,8,"\0\x86\0\
SF:x05\0\0\0\x0c")%r(DNSStatusRequest,C,"\0\x80\0\0\0\0\0\x11\x01\x02\x03\
SF:x04")%r(NBTStat,8,"\0\xf0\0\x01\0\0\0\x16")%r(Help,8,"\0\xe5\0\x01\0\0\
SF:0\x1b")%r(SIPOptions,8,"\0\xd0\0\x01\0\0\0\x20")%r(NTPRequest,8,"\0\x80
SF:\0\x01\0\0\0,")%r(SNMPv1public,8,"\0\x82\0\x01\0\0\x001")%r(SNMPv3GetRe
SF:quest,8,"\0\xba\0\x01\0\0\x006")%r(AFSVersionRequest,C,"\0\x80\0\0\0\0\
SF:0@\x01\x02\x03\x04")%r(DNS-SD,C,"\0\x80\0\0\0\0\0E\x01\x02\x03\x04")%r(
SF:Citrix,8,"\0\x80\0\x01\0\0\0J")%r(Kerberos,8,"\0\x81\0\x01\0\0\0O");

* Apple Time Capsule
SF-Port5351-UDP:V=5.35DC18%I=7%D=9/28%Time=4CA22F48%P=i386-apple-darwin10.4.0%r(RPCCheck,8,"\0\0\0\x01\x01\x052\0")%r(DNSVersionBindReq,10,"\0\x86\0\
SF:x05\x002\x05\x06\0\0\0\0\0\0\0\0")%r(DNSStatusRequest,C,"\0\x80\0\0\x00
SF:2\x05\x0bA\x126\x34")%r(NBTStat,8,"\0\0\0\x01\x10\x052\0")%r(Help,8,"\0
SF:\0\0\x01\x15\x052\0")%r(SIPOptions,8,"\0\0\0\x01\x1a\x052\0")%r(Sqlping
SF:,8,"\0\0\0\x01!\x052\0")%r(NTPRequest,8,"\0\0\0\x01&\x052\0")%r(SNMPv1p
SF:ublic,8,"\0\0\0\x01\+\x052\0")%r(SNMPv3GetRequest,8,"\0\0\0\x010\x052\0
SF:")%r(xdmcp,10,"\0\x81\0\0\x002\x055\0\x01\0\x02\x02Ji\x02")%r(AFSVersio
SF:nRequest,C,"\0\x80\0\0\x002\x05:A\x126\x34")%r(DNS-SD,C,"\0\x80\0\0\x00
SF:2\x05\?A\x126\x34")%r(Citrix,8,"\0\0\0\x01D\x052\0")%r(Kerberos,8,"\0\0
SF:\0\x01I\x052\0");

I propose the following match lines for the RPCCheck probe:
match nat-pmp m|^\0\xfe\0\x01\0\0..$| p/natpmp daemon/ d/router/
match nat-pmp m|^\0\0\0\x01...\0$| p/Apple Time Capsule/ d/router/

That's good, except add the 's' flag to the expression if the dots can
match any byte including '\n'.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
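To make the 's'-flag point concrete, here is a Python example added to this archive page (not code from the thread or from Nmap): it parses the NAT-PMP response header of the two RPCCheck responses in the fingerprints above and runs the two proposed match lines, translated to Python bytes-regexes, with and without the DOTALL equivalent of the 's' flag.

```python
import re
import struct

# RPCCheck responses copied from the two fingerprints quoted above.
LINUX_NATPMP = b"\x00\xfe\x00\x01\x00\x00\x00\x07"
TIME_CAPSULE = b"\x00\x00\x00\x01\x01\x05\x32\x00"

# NAT-PMP response header (RFC 6886): version (u8), opcode (u8, 0x80 bit set
# in responses), result code (u16), seconds since start of epoch (u32), all
# big-endian.
RESULT_CODES = {0: "Success", 1: "Unsupported Version",
                2: "Not Authorized/Refused", 3: "Network Failure",
                4: "Out of resources", 5: "Unsupported opcode"}

def parse_response(data):
    """Return the header fields of a NAT-PMP response as a dict."""
    if len(data) < 8:
        raise ValueError("NAT-PMP response too short")
    version, opcode, result, epoch = struct.unpack("!BBHI", data[:8])
    return {"version": version, "opcode": opcode, "result": result,
            "result_text": RESULT_CODES.get(result, "Unknown"),
            "epoch_seconds": epoch}

# The proposed match lines as Python bytes-regexes. The trailing dots cover
# the low bytes of the free-running epoch counter, which can take any value,
# including 0x0a ('\n'); in nmap-service-probes the 's' flag after the
# closing delimiter makes '.' match '\n', and re.DOTALL is the equivalent.
MATCH_LINES = [
    ("natpmp daemon", rb"^\x00\xfe\x00\x01\x00\x00..$"),
    ("Apple Time Capsule", rb"^\x00\x00\x00\x01...\x00$"),
]

def identify(data, dotall=True):
    """Return the product name of the first match line that fires, or None."""
    flags = re.DOTALL if dotall else 0
    for product, pattern in MATCH_LINES:
        if re.search(pattern, data, flags):
            return product
    return None

if __name__ == "__main__":
    # Constructed response: same daemon, but the epoch counter's low byte is 0x0a.
    newline_epoch = b"\x00\xfe\x00\x01\x00\x00\x00\x0a"
    print(parse_response(LINUX_NATPMP))
    print(identify(newline_epoch, dotall=False), identify(newline_epoch))
```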
