Re: [nmap-svn] r35956 - nmap

[Daniel Miller <bonsaiviking () gmail com>]

Tom,

After removing this, does a later probe more correctly match Docker? I keep
getting service submissions for ServeRAID with this response for
GenericLines, GetRequest, HTTPOptions, RTSPRequest, Help, SSLSessionReq,
TLSSessionReq, Kerberos, FourOhFourRequest, LPDString, and SIPOptions.
Would putting it under any of those avoid matching Docker?

Thanks,
Dan

On Wed, Jul 6, 2016 at 2:36 PM, <commit-mailer () nmap org> wrote:

> Author: tomsellers
> Date: Wed Jul  6 12:36:12 2016
> New Revision: 35956
>
> Log:
> Remove generic matchline causing FP against Docker
>
> Modified:
>    nmap/nmap-service-probes
>
> Modified: nmap/nmap-service-probes
> ============================================================
> ==================
> --- nmap/nmap-service-probes    (original)
> +++ nmap/nmap-service-probes    Wed Jul  6 12:36:12 2016
> @@ -9589,7 +9589,6 @@
>  #match http m|^HTTP/1\.0 404 Not Found\r\nConnection: close\r\n\r\n$|
> p/apt-proxy httpd/
>
>  # Fairly general:
> -match http m|^HTTP/1\.1 400 Bad Request\r\n\r\n$| p/IBM ServeRAID
> controller httpd/ d/storage-misc/
>  # http://svn.dd-wrt.com:8000/dd-wrt/browser/src/router/httpd/httpd.c
>  match http m|^HTTP/1\.[01] \d\d\d .*\r\nServer: micro_httpd\r\n|
> p/micro_httpd/ cpe:/a:acme:micro_httpd/
>  match http m|^HTTP/1\.0 200 OK\r\nServer: RapidLogic/([\d.]+)\r\n|
> p/RapidLogic httpd/ v/$1/ cpe:/a:rapidlogic:httpd:$1/
>
> _______________________________________________
> Sent through the svn mailing list
> https://nmap.org/mailman/listinfo/svn
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/