Hi list,
We scanned a PolyCom Viewstation and we're seeing that in the XML output
that what would usually be the product is instead being shown as the version
<port protocol="tcp" portid="80"><state state="open" reason="syn-ack"
reason_ttl="58"/><service name="http" version="PolyCom ViewStation"
devicetype="webcam" method="probed" conf="10" /><script id="HTML title"
output="Comp-10 : Web Interface" /></port>
We looked in the nmap-service-probes file, and on line 3408 there is
indeed a v// instead of what, I think, should be a p//
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: Viavideo-Web\r\n|s
v/PolyCom ViewStation/ d/webcam/
should be
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: Viavideo-Web\r\n|s
p/PolyCom ViewStation/ d/webcam/
This makes the output appear more correct
<port protocol="tcp" portid="80"><state state="open" reason="syn-ack"
reason_ttl="58"/><service name="http" product="PolyCom ViewStation"
devicetype="webcam" method="probed" conf="10" /><script id="HTML title"
output="Comp-10 : Web Interface" /></port>
Using 4.49RC7 on a RHEL 4.4 box.
Thanks,
Tim
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
Received on Dec 12 2007
Intro
