Re: Microsoft SQL Server fingerprints for SQL 2000 and 2005

[Tom Sellers <nmap () fadedcode net>]

Fyodor wrote:
> On Tue, Jan 08, 2008 at 06:54:02PM -0600, Tom Sellers wrote:
> > Based on the feedback from Doug and Fyodor I have generated a
> > probe/match set for Microsoft SQL Server 2000 and 2005.  MS SQL
> > Server's response to the probe includes the major and minor
> > software revision in hex.
>
> Hi Tom.  Would you send us your latest version of this?  One nit is
> that the version information should be in v// and not the program name
> (p//) field.  Maybe including the year in the product name is OK
> (e.g. Microsoft SQL Server 2005), but the build number and SP should
> probably be in v// or i// fields as appropriate.  See
> http://insecure.org/nmap/vscan/vscan-fileformat.html#vscan-db-match .
>
> Cheers,
> -Fyodor


Thomas Buchanan made several excellent improvements to this on
Feb 7 and 8th.  I think the only remaining items are addressing
your concerns about the versions being in the p// field.  I will
submit a patch tonight that has these changes made.  I have been
a bit torn on which data to put in which field.  After looking at
the command line and XML output I think I have settled on putting
the Service Pack in the version field (v//) and the build in the
information field (i//).

For example:  v/SP3/  i/Build:8.00.760/

I welcome any comments concerning preferences or nmap conventions
on this.

Tom

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org