mailing list archives
OpenSSH hpn detection
From: Matt Selsky <selsky () columbia edu>
Date: Tue, 30 Oct 2007 01:55:12 -0400
When I updated to the 2007q3 service-probes in SVN r5980, I started
having service info problems.
# ./nmap -O -p22,23 -sV mustard
Starting Nmap 4.22SOC8 ( http://insecure.org ) at 2007-10-30 01:37 EDT
Interesting ports on mustard (xx.xx.xx.xx):
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 4.7p1-hpn12v17 (protocol 2.0)
23/tcp closed telnet
Device type: general purpose
Running (JUST GUESSING) : Sun Solaris 9|10 (90%)
Aggressive OS guesses: Sun Solaris 9 or 10 (SPARC) (90%), Sun Solaris 9
or 10 (89%), Sun Solaris 9 (SPARC) (88%)
No exact OS matches for host (test conditions non-ideal).
Uptime: 24.216 days (since Fri Oct 5 20:26:49 2007)
Network Distance: 7 hops
Service Info: OS: HP-UX
OS and Service detection performed. Please report any incorrect results
at http://insecure.org/nmap/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 17.299 seconds
This device is in fact running Solaris 9/SPARC. The problem seems to be
that an OpenSSH with "-hpn" in the version string now assumes
The -hpn string comes from the High Performance Networking patches for
OpenSSH (http://www.psc.edu/networking/projects/hpn-ssh/) and has
nothing to do with HP-UX.
Also the -hpn should have a number after it, but not all of the service
fingerprints do. I guess those are from a different set of OpenSSH
Sent through the nmap-dev mailing list
Archived at http://SecLists.Org
- OpenSSH hpn detection Matt Selsky (Oct 30)