Nmap Development mailing list archives
Service match for identd incorrectly labeling systems as Windows.
From: Daniel Miller <bonsaiviking () gmail com>
Date: Thu, 29 May 2014 15:02:42 -0500
List,

A user has reported that Nmap incorrectly labeled a Debian system as Windows when he scanned it with -sV. The system had port 113/tcp open, running an identd that matched line 4653 in nmap-service-probes:

    match ident m|^ : USERID : UNIX : [a-z]{4,8}\r\n$| o/Windows/ cpe:/o:microsoft:windows/a

Now this is problematic for several reasons:

1. There is no product listed. Even if it is "Windows identd" there should be something there.
2. It's matching an identd on Debian 7 "wheezy" but says it's for Windows.

As it stands, this is basically a useless test. We have X possible ways ahead:

1. Remove the o/Windows/ and cpe from the line and make it a softmatch, since there is no better info available.
2. Find the service this was written for and make a more-specific match line, including product name.
3. Find the service on Debian that matches this and rewrite the line to match that service instead.

Thoughts, information, tests?

Dan

_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
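Added example (not part of the original message and not Nmap code): a small checker that parses the quoted match line, shows which labels it attaches to a constructed ident reply, and flags a directive that has no product or asserts an OS without one. The function names, the sample reply and the written-out form of option 1 are assumptions made for illustration, and the parser handles only the subset of the nmap-service-probes syntax needed here.

```python
import re

# Match line quoted in the message above, copied verbatim.
REPORTED = r"match ident m|^ : USERID : UNIX : [a-z]{4,8}\r\n$| o/Windows/ cpe:/o:microsoft:windows/a"
# Option 1 from the message written out (constructed here from its description).
OPTION_1 = r"softmatch ident m|^ : USERID : UNIX : [a-z]{4,8}\r\n$|"
# Constructed reply that fits the pattern; it says nothing about the host OS.
SAMPLE_REPLY = b" : USERID : UNIX : nobody\r\n"

def parse_directive(line):
    """Split a match/softmatch line into directive, service, regex and version fields."""
    directive, service, rest = line.split(" ", 2)
    if directive not in ("match", "softmatch") or not rest.startswith("m"):
        raise ValueError("not a match or softmatch directive")
    end = rest.index(rest[1], 2)              # closing pattern delimiter
    pattern, tail = rest[2:end], rest[end + 1:]
    opts = re.match(r"[is]*", tail).group(0)  # optional regex option letters
    flags = (re.I if "i" in opts else 0) | (re.S if "s" in opts else 0)
    fields = {}
    # Version fields: p, v, i, h, o, d and cpe:, each with its own delimiter.
    for m in re.finditer(r"(?<!\S)(cpe:|[pvihod])(\S)(.*?)\2", tail[len(opts):]):
        fields.setdefault(m.group(1).rstrip(":"), []).append(m.group(3))
    return directive, service, re.compile(pattern.encode(), flags), fields

def reported_labels(line, reply):
    """Labels the directive would attach to a service that sent `reply`, or None."""
    directive, service, regex, fields = parse_directive(line)
    if not regex.search(reply):
        return None
    return {"service": service, "hard": directive == "match",
            "product": fields.get("p", [None])[0],
            "os": fields.get("o", [None])[0], "cpe": fields.get("cpe", [])}

def lint(line):
    """Flag a directive that lacks a product or asserts an OS with no product."""
    directive, _, _, fields = parse_directive(line)
    os_claim = "o" in fields or any(c.startswith("o:") for c in fields.get("cpe", []))
    findings = []
    if directive == "match" and "p" not in fields:
        findings.append("no product (p/) field")
    if os_claim and "p" not in fields:
        findings.append("OS asserted without a product to tie it to")
    return findings

if __name__ == "__main__":
    for line in (REPORTED, OPTION_1):
        print(lint(line), reported_labels(line, SAMPLE_REPLY))
```

The same reply yields an OS label of Windows under the reported line and only the service name under the softmatch form.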