Nmap Development mailing list archives
Re: Kerberos probes for nmap
From: David Fifield <david () bamsoftware com>
Date: Sat, 12 Dec 2009 17:25:35 -0700
On Sat, Nov 28, 2009 at 09:20:53PM +0100, Patrik Karlsson wrote:
I noticed that Kerberos get's detected fine when running against Windows but my Heimdal hosts are not detected. Running over TCP the RPCCheck probe seems to trigger an answer. Here's the signature: SF-Port88-TCP:V=5.10BETA1%I=7%D=11/28%Time=4B1181BB%P=i386-apple-darwin10.2.0%r(RPCCheck,55,"\0\0\0Q~O0M\xa0\x03\x02\x01\x05\xa1\x03\x02\x01\x1e\xa4\ SF:x11\x18\x0f20091128200203Z\xa5\x05\x02\x03\x08i@\xa6\x03\x02\x01=\xa9\x SF:15\x1b\x13<unspecified\x20realm>\xaa\x0b0\t\xa0\x03\x02\x01\0\xa1\x020\ SF:0");
Thanks for checking this out. If the RPCCheck probe gets a response, then let's just add another match line instead of a whole new probe. Just follow the instructions at http://insecure.org/cgi-bin/submit.cgi?new-service Those submissions are due to be processed soon. It would be worth adding a new probe if the new probe could provide a lot more information, like a version number or server name. And then, it's best to make the match specific at first. Otherwise people will see "Kerberos" in the output and think, "good enough," and not submit fingerprints that might allow us to be more discriminating. David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Kerberos probes for nmap Patrik Karlsson (Nov 28)
- Re: Kerberos probes for nmap David Fifield (Dec 12)
- Re: Kerberos probes for nmap Patrik Karlsson (Dec 12)
- Re: Kerberos probes for nmap David Fifield (Dec 15)
- Re: Kerberos probes for nmap Patrik Karlsson (Dec 15)
- Re: Kerberos probes for nmap David Fifield (Dec 21)
- Re: Kerberos probes for nmap Patrik Karlsson (Dec 21)
- Re: Kerberos probes for nmap David Fifield (Dec 22)
- Re: Kerberos probes for nmap Patrik Karlsson (Dec 28)
- kerberos-get-realm.nse David Fifield (Dec 31)
- Re: Kerberos probes for nmap Patrik Karlsson (Dec 15)
- Re: Kerberos probes for nmap David Fifield (Dec 12)
- Re: Kerberos probes for nmap Patrik Karlsson (Dec 21)