Nmap Development mailing list archives
Re: Version detection of Ldap Service using nmap
From: MadHat <madhat () unspecific com>
Date: Fri, 5 Dec 2003 15:55:19 -0600
On Dec 4, 2003, at 11:18 PM, Anil Kumar D.K wrote:
> Hi all,
>
> I am trying to find version of ldap service using nmap.
>
> nmap 10.10.40.223 -p389 -A
>
> For Microsoft Active directory, I am getting the right information. (As the match string already exists in nmap-service-probes file)
>
> I would like to find version of ldap service of the following vendors
>
> Critical Path Directory Service 4.2
> Siemens Directory DirX 6.0
>
> For Critical Path Directory Service 4.2, I got the service finger print as below
>
> D:\nmap-3.48>nmap 10.10.40.223 -p1702 -A
>
> Starting nmap 3.48 ( http://www.insecure.org/nmap ) at 2003-12-05 10:35 India Standard Time
> Warning: OS detection will be MUCH less reliable because we did not find at least 1 open and 1 closed TCP port
> Interesting ports on EWSMC280 (10.10.40.223):
> PORT STATE SERVICE VERSION
> 1702/tcp open unknown
> 1 service unrecognized despite returning data. If you know the service/version,
> please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi :
> SF-Port1702-TCP:V=3.48%D=12/ 5%Time=3FD01237%r(LDAPBindReq,E,"0\x0c\x02\x01
> SF:\x01a\x07\n\x01\0\x04\0\x04\0");
> Device type: general purpose
> Running: Microsoft Windows 95/98/ME|NT/2K/XP
> OS details: Microsoft Windows Millennium Edition (Me), Windows 2000 Professional
> or Advanced Server, or Windows XP
>
> Nmap run completed -- 1 IP address (1 host up) scanned in 13.570 seconds
>
> I have submitted the fingerprint to http://www.insecure.org/cgi-bin/servicefp-submit.cgi
>
> I tried to use the match string "0\x0c\x02\x01\x01a\x07\n\x01\0\x04\0\x04\0" in the nmap-service-probes for Ldap service
> But this string matches even for openLDAP 1.4.x
>
> Is there any way to get a unique string for each ldap product?
> Any help will be really appreciated.
If they return the exact same thing, it is not going to be possible. The only other option is to try and figure out a different probe to send to get a different response from each ldap server. The problem then comes in on whether it works with the most ldap servers. You don't want 3 or 4 probes for a single service, then it takes a lot longer if the service is not known or even when it is. You want one probe that elicits the most data to be able to fingerprint the most number of unique servers accurately.
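Why the response quoted in this thread cannot tell LDAP products apart, as an added example that is not part of the original messages or of Nmap: the 14 bytes decode as a bare LDAP BindResponse whose only free-text fields are empty. The function names and the `CONSTRUCTED` sample are assumptions made for illustration.

```python
# Added example: decode the LDAPBindReq probe response from the thread with a
# minimal BER reader and report whether it carries any server-chosen text.
RESPONSE = b"0\x0c\x02\x01\x01a\x07\n\x01\x00\x04\x00\x04\x00"  # bytes quoted in the fingerprint
# Constructed sample (not from the thread): same reply with a non-empty message field.
CONSTRUCTED = b"\x30\x15\x02\x01\x01\x61\x10\x0a\x01\x00\x04\x00\x04\x09ExampleDS"

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for one BER element; ValueError if malformed."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length

def parse_bind_response(data):
    """Decode LDAPMessage { messageID, BindResponse { resultCode, matchedDN, message } }."""
    tag, msg, _ = read_tlv(data)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage SEQUENCE")
    tag, msg_id, pos = read_tlv(msg)
    if tag != 0x02:
        raise ValueError("messageID is not an INTEGER")
    tag, op, _ = read_tlv(msg, pos)
    if tag != 0x61:  # [APPLICATION 1], constructed
        raise ValueError("not a BindResponse")
    _, code, pos = read_tlv(op)
    _, matched_dn, pos = read_tlv(op, pos)
    _, message, pos = read_tlv(op, pos)
    return {
        "message_id": int.from_bytes(msg_id, "big"),
        "result_code": int.from_bytes(code, "big"),
        "matched_dn": matched_dn,
        "message": message,
        "trailing": op[pos:],  # optional fields such as SASL credentials
    }

def has_vendor_data(data):
    """True if any field a server fills with its own bytes is non-empty."""
    r = parse_bind_response(data)
    return bool(r["matched_dn"] or r["message"] or r["trailing"])
```

For `RESPONSE` every server-controlled field is empty, so any match line written against it also matches every other server that answers the bind with a plain success.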