Nmap Development
mailing list archives
Microsoft SQL Server fingerprint question
From: Tom Sellers <nmap () fadedcode net>
Date: Thu, 03 Jan 2008 19:31:05 -0600
Nmap does not fingerprint Microsoft SQL running on TCP 1433 in my
test environment. It also does not generate a fingerprint for
submission.

I have a reliable probe, based on a packet capture and some google-fu,
that will elicit a response from MS SQL 2000 and 2005. (It might also
work with SQL 7 but I do not have a host to test.) The response from
the server starts with a consistent set of bytes so a signature can
be generated from this. Towards the end of the response is a hex
encoded server software version string.

What would be the best way to handle this:

1. Have a single match line that detects that MS SQL is running
   on the port.

2. Have 3 match lines to detect the major versions of MS SQL,
   for example MS SQL 2000, MS SQL 2005, etc. Perhaps add a
   softmatch line before these to provide generic MS SQL detection
   for future proofing.

3. Use a match line with pattern matching to extract the version
   number in hex, convert it to decimal and present it. Can this
   be done? (I saw a mention of helper functions in the docs but
   could not find anything else about them. The comment toward
   the bottom of the match section:
   http://insecure.org/nmap/vscan/vscan-fileformat.html#vscan-db-match)

4. Have multiple match lines and/or lua scripts that detect the
   version and other details.

5. Some other option that I haven't considered.

Thanks much!

Tom
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
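
Added example, not part of the original post and not Nmap code: a sketch of the decoding that options 3 and 4 above would need, turning the binary version bytes in the server's response into a decimal version string, with a generic fallback in the spirit of the softmatch in option 2. It assumes the response is a TDS pre-login response with the layout given in the comments (the post does not describe the layout); the function names and sample bytes are constructed for illustration.

```python
import struct

# Assumed layout (TDS pre-login response; the post does not describe it):
# 8-byte packet header, then 5-byte option entries (token, offset, length)
# ended by 0xFF. Offsets count from the end of the header. Token 0x00 holds
# the version: major, minor, build (16-bit BE), sub-build (16-bit BE).
HEADER_LEN = 8
VERSION_TOKEN = 0x00
TERMINATOR = 0xFF
PRODUCTS = {8: "Microsoft SQL Server 2000", 9: "Microsoft SQL Server 2005"}


def parse_version(response: bytes):
    """Return (product, "major.minor.build"), or None if the bytes do not fit."""
    if len(response) < HEADER_LEN or response[0] != 0x04:
        return None
    body = response[HEADER_LEN:]
    pos = 0
    while pos < len(body) and body[pos] != TERMINATOR:
        if pos + 5 > len(body):
            return None  # truncated option entry
        token, offset, length = struct.unpack_from(">BHH", body, pos)
        if token == VERSION_TOKEN:
            if length < 6 or offset + 6 > len(body):
                return None  # version field missing or cut short
            major, minor, build, _sub = struct.unpack_from(">BBHH", body, offset)
            # Unknown majors fall back to a generic name, like a softmatch.
            product = PRODUCTS.get(major, "Microsoft SQL Server")
            return product, f"{major}.{minor:02d}.{build}"
        pos += 5
    return None


def sample_response(major: int, minor: int, build: int) -> bytes:
    """Constructed response (not a capture): one version option, then 0xFF."""
    body = struct.pack(">BHH", VERSION_TOKEN, 6, 6) + bytes([TERMINATOR])
    body += struct.pack(">BBHH", major, minor, build, 0)
    header = struct.pack(">BBHHBB", 0x04, 0x01, HEADER_LEN + len(body), 0, 1, 0)
    return header + body


if __name__ == "__main__":
    for args in ((8, 0, 194), (9, 0, 1399), (10, 0, 1600)):
        print(parse_version(sample_response(*args)))
```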