Nmap Development mailing list archives

Re: D-Link firmware backdoor

From: Michael Meyer <michael.meyer () greenbone net>
Date: Wed, 16 Oct 2013 15:10:06 +0200

*** David Maynor wrote:

These are done against the same IP, only difference is the user agent:
Davids-Mac-mini:dlink_scan dave$ wget -S --user-agent="xmlset_roodkcableoj28840ybtide" http://xxx.xxx.xxx.xxx


[...]

 Server: Alpha_webserv


[...]

Davids-Mac-mini:dlink_scan dave$ wget -S http://xxx.xxx.xxx.xxx


[...]

 Server: thttpd-alphanetworks/2.23


Yes, i've seen this behaviour. But for example the 'DIR-100' has
'Server: Alpha_webserv' in both cases. 

Micha

-- 
Michael Meyer                            OpenPGP Key: 52A6EFA6
http://www.greenbone.net/
Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG
Osnabrück, HR B 202460
Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/

Current thread:

D-Link firmware backdoor Patrik Karlsson (Oct 15)
- Re: D-Link firmware backdoor Michael Meyer (Oct 16)
  - Re: D-Link firmware backdoor David Maynor (Oct 16)
    - Re: D-Link firmware backdoor Michael Meyer (Oct 16)
    - Re: D-Link firmware backdoor Patrik Karlsson (Oct 16)
    - Re: D-Link firmware backdoor Patrik Karlsson (Oct 17)