Nmap Development mailing list archives

Re: Microsoft SQL Server fingerprint question


From: doug () hcsw org
Date: Sun, 6 Jan 2008 22:38:42 -0800

Hi Tom,

Like Fyodor said, this is probably the best option:

On Thu, Jan 03, 2008 at 07:31:05PM -0600 or thereabouts, Tom Sellers wrote:
> 4.  Have multiple match lines and/or Lua scripts that detect the
>      version and other details.

Especially if the match lines exist in their own probe, it
doesn't make much difference how many match lines are added.
Insert all the ones you have seen so far and then if other
people see other ones in the wild, hopefully they will submit
a fingerprint and we can add them then.

NSE scripts are of course the best choice if the protocol
requires complicated parsing. Part of the reason we use
Lua for NSE is so we don't have to keep adding hacks in C
to the version detection engine. Version detection helper
functions are difficult to add and fairly special case.
Almost no match lines in nmap-service-probes use them.
So the patch I sent is just for demonstration purposes.
But who knows? Maybe somebody someday will find it useful.

Thanks for helping and if you have further questions, please
don't hesitate to ask the list!

Best,

Doug
