Nmap Development mailing list archives
Re: Famatech RAdmin fingerprint probe and match set
From: Fyodor <fyodor () insecure org>
Date: Sat, 12 Jan 2008 19:53:04 -0800
On Tue, Jan 08, 2008 at 07:04:28PM -0600, Tom Sellers wrote:
I have generated a Probe/Match combination for the RAdmin remote control software.
Thanks Tom! Usually Doug handles these, but he hasn't responded to your message and so I integrated them. If he has improvement ideas, he can alwasy check them in. I made a few changes to your entry: o Added rarity 8 so that this is only done against port 4899 (unless --version-all is used) o Moved the version number into v// section o Changed RAdmin to Radmin since the latter is how the company seems to capitalize it o Qualified Radmin with Famatech company name o Removed "remote control software" from product name. This was a tough decision since it can be useful for people who aren't familiar with the service. But the signature text is already quite long without that. o s/Using // (save space) o Removed the generic match, since it is better for us to print a o Changed the generic match line to a softmatch so we still print a fingerprint, as we would like a user to submit this with the proper version information and such. Here is the new entry in SVN: Probe TCP Radmin q|\x01\x00\x00\x00\x01\x00\x00\x00\x08\x08| ports 4899 rarity 8 match radmin m|^\x01\x00\x00\x00\x25\x09\x00\x01\x10\x08\x01\x00\x09\x08| p/Famatech Radmin/ v/2.X/ o/Windows/ i/Windows Authentication/ match radmin m|^\x01\x00\x00\x00\x25\x0a\x00\x01\x10\x08\x01\x00\x0a\x08| p/Famatech Radmin/ v/2.X/ o/Windows/ i/Radmin Authentication/ match radmin m|^\x01\x00\x00\x00\x25\x00\x00\x02\x12\x08\x02\x00\x00\x0a| p/Famatech Radmin/ v/3.X/ o/Windows/ i/Radmin Authentication/ match radmin m|^\x01\x00\x00\x00\x25\x71\x00\x02\x12\x08\x02\x00\x71\x0a| p/Famatech Radmin/ v/3.X/ o/Windows/ i/Windows Authentication/ softmatch radmin m|^\x01\x00\x00\x00\x25| p/Famatech Radmin/ o/Windows/ If you can update your SVN and give it a try, that would be great! Thanks again, -F _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Famatech RAdmin fingerprint probe and match set Tom Sellers (Jan 08)
- Re: Famatech RAdmin fingerprint probe and match set Fyodor (Jan 12)
- Re: Famatech RAdmin fingerprint probe and match set doug (Jan 13)
- Re: Famatech RAdmin fingerprint probe and match set Fyodor (Jan 12)