Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: Service Detection: BMC Configuration Management
From: Brandon Enright <bmenrigh () ucsd edu>
Date: Wed, 11 Jun 2008 23:09:33 +0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, 11 Jun 2008 17:50:34 -0500 or thereabouts Tom Sellers
<nmap () fadedcode net> wrote:

I have attached a pair of match lines that detect the client side
portion of the BMC (formerly Marimba) Configuration Management
software.  The client portion is called a Tuner and typically lives
on port 7717.  Depending on the state of the software the service
will return either a 200 or 401 response to the GetRequest probe.

The product section says "BMC(Marimba) Configuration Management".  I
wasn't satisfied with it but I could not figure out how to escape a
"/" in the p// section.

Tom


Hey Tom, these look pretty good.  I have a few comments:

* You place capturing parens around HTTP... which slow down PCRE.
* You use HTTP/1.0 200 for one match and 1.1 401 for the other.  Can
these codes be returned for just those respective versions of HTTP?
* You can use the same p|| trick to embed '/' that you used with m||.
Any paired delimiter will work (), ##, [], etc.

If you adjust these match lines I'm sure they will be able to be
integrated.

Brandon

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)

iEYEARECAAYFAkhQWzcACgkQqaGPzAsl94LAXgCgkodx/KJ3ZTfBbOk2dpMMnNFm
07cAnA3t+PChV4aT6YveN9Dqlxh9gpD8
=F3ca
-----END PGP SIGNATURE-----

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]