|
Nmap Development
mailing list archives
Re: More Service Detection Notes
From: Fyodor <fyodor () insecure org>
Date: Tue, 1 Aug 2006 00:28:21 -0700
On Tue, Jul 25, 2006 at 10:19:22PM -0700, doug () hcsw org wrote:
Thanks to Google's Summer of Code I was again able to spend the last
week integrating your service detection submissions! Thank you to
everybody who submitted.
Yay! To you and the submitters. The updates will be in the next
release.
As usual, I've added a blog entry with an edited selection of my notes:
http://www.hcsw.org/blog.pl?a=19&b=19
I discuss Skype 2.0, Cisco ACNS, protocols that consider remote
source ports, outbound filtered tcp/25, and more.
But the best part is the gallery of bizarre service banners :).
Watch out for the Browser Sux Error!
BTW, I noticed that the Haxdoor trojan signature mentioned in your
blog seems to be missing a p// element. So I added one (after a bit
of Googling):
-match backdoor m|^A-311 Death welcome\x001\.87| i/**BACKDOOR**/ o/Windows/
+match backdoor m|^A-311 Death welcome\x001\.87| p/Haxdoor trojan/ i/**BACKDOOR**/ o/Windows/
Cheers,
-F
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
 By Date 
By Thread
Current thread:
- Re: More Service Detection Notes (Skype), (continued)
- Re: More Service Detection Notes Fyodor (Aug 01)
| 
Intro
