Nmap Development mailing list archives
Service Detection: SIP end point
From: Tom Sellers <nmap () fadedcode net>
Date: Thu, 20 Mar 2008 18:10:42 -0500
I have attached a patch below that detects a generic SIP end point. There are several match lines in the service-probes file for SIP end points, but each seems to be for a specific device. None of these detected the SIP service on the Cisco devices in the environment I was testing in. None of the SIP responses provided by the devices returned information that would seem to allow the fingerprinting of a specific SIP implementation on Cisco gear as opposed to any other device. The attached patch adds a match line that detects a standard SIP response to the nmap SIPOptions probe. It its current state, the match line should capture a standard SIP response and return the service identity as well as placing the status in the info field. I hope this isn't too much information. On standard ports the information field will say "Status: 200 OK" which might not be that helpful. When the port not in an OK state the output would be more useful, such as "Status: 503 Service Unavailable" or "Status: 600 Busy Everywhere". According to the following link, the match line should work on all standard implementations: http://en.wikipedia.org/wiki/SIP_Responses Tom Sellers
Attachment:
patch_generic_SIP_endpoint
Description:
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Service Detection: SIP end point Tom Sellers (Mar 20)
- Re: Service Detection: SIP end point Brandon Enright (Mar 20)
- Re: Service Detection: SIP end point Tom Sellers (Mar 20)
- Re: Service Detection: SIP end point (1 match, 2 softmatch) Tom Sellers (Mar 21)
- Re: Service Detection: SIP end point Brandon Enright (Mar 20)