Re: Service Detection: BMC Configuration Management

[Brandon Enright <bmenrigh () ucsd edu>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, 11 Jun 2008 17:50:34 -0500 or thereabouts Tom Sellers
<nmap () fadedcode net> wrote:

> I have attached a pair of match lines that detect the client side
> portion of the BMC (formerly Marimba) Configuration Management
> software.  The client portion is called a Tuner and typically lives
> on port 7717.  Depending on the state of the software the service
> will return either a 200 or 401 response to the GetRequest probe.
>
> The product section says "BMC(Marimba) Configuration Management".  I
> wasn't satisfied with it but I could not figure out how to escape a
> "/" in the p// section.
>
> Tom

Hey Tom, these look pretty good.  I have a few comments:

* You place capturing parens around HTTP... which slow down PCRE.
* You use HTTP/1.0 200 for one match and 1.1 401 for the other.  Can
these codes be returned for just those respective versions of HTTP?
* You can use the same p|| trick to embed '/' that you used with m||.
Any paired delimiter will work (), ##, [], etc.

If you adjust these match lines I'm sure they will be able to be
integrated.

Brandon

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)

iEYEARECAAYFAkhQWzcACgkQqaGPzAsl94LAXgCgkodx/KJ3ZTfBbOk2dpMMnNFm
07cAnA3t+PChV4aT6YveN9Dqlxh9gpD8
=F3ca
-----END PGP SIGNATURE-----

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org