Nmap Development mailing list archives
Re: [PATCH] Replace kibuvDetection.nse with service matchline
From: Kris Katterjohn <katterjohn () gmail com>
Date: Sun, 25 May 2008 18:33:18 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Brandon Enright wrote:
This malware is old enough and rare enough now that it probably doesn't matter but we might try adding a second match line after your first one like so: match backdoor m|^220 [Sf.][tu.][nc.][yk.][.F][t.][p.][d.] [0.][w.][n.][s.] [j.][0.]\r?\n|i p/Generic Kibuv worm/ i/**BACKDOOR**/ o/Windows/
Thanks, I've added your line to the patch and committed it. I also changed my original matchline to use / as a delimiter since I use | in the pattern, whoops :)
Brandon
Thanks, Kris Katterjohn -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQIVAwUBSDn3Ov9K37xXYl36AQKecQ/8DylAt4p1OvsssOMkJwsA0kBTDLz3YErX JWF7Xa+Cjcu3JVScNzFVHTePzWiOKaq+R1R7Vn062+AdmgCXA1Sh6kd7G3Sn56KK mgCnDEMrvZptiH6H+v4vzw30IkZ0p2HNu2iaBmAfHl5YZPKje6i/Iik/hBCZwhXM MikFXgHxXNImCLC0Z6UASM1YzNOYxG0lUS9VJXG54psHDK3nHynu5N/mxWYmumuu nu9jND9+sksdxkbh0RF2cLsGf4mLTlWohQFV8LMHXyVLMELmij1STXpzNUBEww/o 4vqvsmHZ4pVJ0MLP6Lk8O4OSL0ea/IqOOGowmhr8jCPCewm5hq/Yi4mC8iG6LwVY d+tjDCp7OvChGXj6eqdEgQYf3zq2hfr/eH5TLXG9lLkXciNjbQiuz786mizue2ie F67h1cRODsTAkboLV2Z+6vMs1xoIrEeO/PeBk+uw7TBXg7n5Oj5xRgg8A+jYbSG5 rilDp6yrL6SlEqaCDhXlqDQLM4pqzQHLgC4YVzDEOU3dJ8x9pA0KpFXB3cHkMOdY uqO9sn7mFscQVPcybFP652FRNjJxH4dgEUi2nPOAVVnyeTUqzJZl8mXD/iN87Lbm xZ55KFOamEGcQJwVR9bdwnb9gOEkQvzIgyUmAlIy9Loq0j9BROpaxqxoZ+dvnmgH nnSWExwcVAY= =j5Mq -----END PGP SIGNATURE----- _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- [PATCH] Replace kibuvDetection.nse with service matchline Kris Katterjohn (May 25)
- Re: [PATCH] Replace kibuvDetection.nse with service matchline Fyodor (May 25)
- Re: [PATCH] Replace kibuvDetection.nse with service matchline Brandon Enright (May 25)
- Re: [PATCH] Replace kibuvDetection.nse with service matchline Kris Katterjohn (May 25)