Re: service misidentification

[Daniel Miller <bonsaiviking () gmail com>]

Josh,

I found that this was happening even with Terminal Services on port 3389.
We had added port 3389 to the list of ports for the TLSSessionReq probe,
which resulted in the "ssl" tunnel detection, but we don't have an
appropriate followup probe to detect RDP after that. I removed it from the
list of ports and detection was restored. This fix is in r35935.

It's still listed in shortport.lua's list of SSL ports, so the ssl-*.nse
scripts still work just fine.

Dan

On Fri, Jun 24, 2016 at 2:25 AM, Josh Amishav-Zlatin <jamuse () gmail com>
wrote:

> Hi Dan,
>
> Both versions are running on the same machine with the libdev-ssl
> 1.0.2g-1ubuntu4.1 installed. If its relevant, I can give you the IP I'm
> testing privately for you to recreate the issue. I've recreated the problem
> on 3 different machines.
>
> # ./nmap --version
>
> Nmap version 7.12SVN ( https://nmap.org )
> Platform: x86_64-unknown-linux-gnu
> Compiled with: nmap-liblua-5.2.4 openssl-1.0.2g libpcre-8.38 libpcap-1.7.4
> nmap-libdnet-1.12 ipv6
> Compiled without:
> Available nsock engines: epoll poll select
>
>
> # ./nmap --version
>
> Nmap version 6.47 ( http://nmap.org )
> Platform: x86_64-unknown-linux-gnu
> Compiled with: nmap-liblua-5.2.3 openssl-1.0.2g libpcre-8.38 libpcap-1.7.4
> nmap-libdnet-1.12 ipv6
> Compiled without:
> Available nsock engines: epoll poll select
>
>
> - Josh
>
> On Fri, Jun 24, 2016 at 3:23 AM, Daniel Miller <bonsaiviking () gmail com>
> wrote:
>
> > Did you forget to install OpenSSL development headers? Try nmap --version
> > to see.
> >
> > Dan
> > On Jun 23, 2016 3:00 PM, "Josh Amishav-Zlatin" <jamuse () gmail com> wrote:
> >
> > > When I run nmap v6.47 against an RDP server on a non-standard port, the
> > > service is correctly identified. However, when I run the same command using
> > > nmap 7.12SVN the service is not correctly identified. For example:
> > >
> > > #:/opt/nmap-6.47# ./nmap -A -p 33896 -Pn x.x.x.x
> > > ...
> > > PORT      STATE SERVICE       VERSION
> > > 33896/tcp open  ms-wbt-server Microsoft Terminal Service
> > >
> > > #:/opt/nmap-7.12SVN# ./nmap -A -p 33896 -Pn x.x.x.x
> > > ...
> > > PORT      STATE SERVICE       VERSION
> > > 33896/tcp open  ssl/unknown
> > >
> > > I've tried setting the --version-intensity to 9, but no joy. How can I
> > > debug and fix this issue?
> > >
> > > _______________________________________________
> > > Sent through the dev mailing list
> > > https://nmap.org/mailman/listinfo/dev
> > > Archived at http://seclists.org/nmap-dev/
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/