Nmap Development mailing list archives
Re: Microsoft SQL Server fingerprint question
From: doug () hcsw org
Date: Sun, 6 Jan 2008 22:38:42 -0800
Hi Tom, Like Fyodor said, this is probably the best option: On Thu, Jan 03, 2008 at 07:31:05PM -0600 or thereabouts, Tom Sellers wrote:
4. Have multiple match lines and/or lua scripts that detect the version and other details.
Especially if the match lines exist in their own probe, it doesn't make much difference how many match lines are added. Insert all the ones you have seen so far and then if other people see other ones in the wild, hopefully they will submit a fingerprint and we can add them then. NSE scripts are of course the best choice if the protocol requires complicated parsing. Part of the reason we use lua for NSE is so we don't have to keep adding hacks in C to the version detection engine. Version detection helper functions are difficult to add and fairly special case. Almost no match lines in nmap-service-probes use them. So the patch I sent is just for demonstration purposes. But who knows? Maybe somebody someday will find it useful. Thanks for helping and if you have further questions, please don't hesitate to ask the list! Best, Doug
Attachment:
signature.asc
Description: Digital signature
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Microsoft SQL Server fingerprint question Tom Sellers (Jan 03)
- Re: Microsoft SQL Server fingerprint question doug (Jan 03)
- Message not available
- Re: Microsoft SQL Server fingerprint question doug (Jan 04)
- Re: Microsoft SQL Server fingerprint question Tom Sellers (Jan 04)
- Message not available
- Re: Microsoft SQL Server fingerprint question doug (Jan 03)
- Re: Microsoft SQL Server fingerprint question Fyodor (Jan 04)
- Re: Microsoft SQL Server fingerprint question doug (Jan 06)