Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: SMB related version detection updates

From: Daniel Miller <bonsaiviking () gmail com>
Date: Wed, 30 Mar 2016 09:12:48 -0500
Tom,

Thanks for these updates! We occasionally get service fingerprints for SMB,
but it can be hard to tell which parts of the response are relevant to the
service version. Solid empirical results like these are very valuable.

Dan

On Wed, Mar 30, 2016 at 5:38 AM, Tom Sellers <nmap () fadedcode net> wrote:


FYI,
  Yesterday in commit 35748 I updated some SMB related match lines.  The
intent was to
improve the scan results in preparation for dealing with Badlock.  Fixed
are certain
matchlines that indicated a specific OS version such as 'Microsoft Windows
NT netbios-ssn'
that actually matched newer versions of Windows including 2012 R2.
Matches that indicated
Samba 3.x have been updated as they also match Samba 4.x as well. There
are also a
couple of new matchlines that help handle and capture data, particularly
in cases where
responses from Samba exactly match those from Windows.

The changes were tested against Windows 7 and 8, Windows Server 2008, 2008
R2, 2012, 2012 R2
as well as Samba 3.6.x, 4.1.x, and Apple's current SMB fork.


Tom
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/


_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: