Nmap Development mailing list archives

Re: More Service Detection Notes

From: Fyodor <fyodor () insecure org>
Date: Tue, 1 Aug 2006 00:28:21 -0700

On Tue, Jul 25, 2006 at 10:19:22PM -0700, doug () hcsw org wrote:

Thanks to Google's Summer of Code I was again able to spend the last
week integrating your service detection submissions! Thank you to
everybody who submitted.


Yay!  To you and the submitters.  The updates will be in the next
release.

As usual, I've added a blog entry with an edited selection of my notes:

http://www.hcsw.org/blog.pl?a=19&b=19

I discuss Skype 2.0, Cisco ACNS, protocols that consider remote
source ports, outbound filtered tcp/25, and more.


But the best part is the gallery of bizarre service banners :).
Watch out for the Browser Sux Error!

BTW, I noticed that the Haxdoor trojan signature mentioned in your
blog seems to be missing a p// element.  So I added one (after a bit
of Googling):

-match backdoor m|^A-311 Death welcome\x001\.87| i/**BACKDOOR**/ o/Windows/
+match backdoor m|^A-311 Death welcome\x001\.87| p/Haxdoor trojan/ i/**BACKDOOR**/ o/Windows/

Cheers,
-F


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev

Current thread:

More Service Detection Notes doug (Jul 25)
- Re: More Service Detection Notes (Skype) Brandon Enright (Jul 25)
  - Re: More Service Detection Notes (Skype) doug (Jul 26)
    - Re: More Service Detection Notes (Skype) Brandon Enright (Jul 26)
    - Re: More Service Detection Notes (Skype) Fyodor (Jul 27)
    - Re: More Service Detection Notes (Skype) Brandon Enright (Jul 27)
- Re: More Service Detection Notes Fyodor (Aug 01)
  - Re: More Service Detection Notes doug (Aug 01)
  - Re: More Service Detection Notes Brandon Enright (Aug 02)
    - Re: More Service Detection Notes Fyodor (Aug 02)