Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: Service Detection: Goverlan Remote Administration Suite by PJ Technologies
From: Brandon Enright <bmenrigh () ucsd edu>
Date: Wed, 11 Jun 2008 23:16:36 +0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, 11 Jun 2008 18:00:20 -0500 or thereabouts Tom Sellers
<nmap () fadedcode net> wrote:

I have attached a match line that detects the client side Agent
of the Goverlan Remote Administration Suite.  This portion allows
for remote control (similar to VNC) as well as host management.  The
product page can be found here:

http://www.pjtec.com/GoverLAN/index.htm

The client portion listens on TCP 21157, 21158 or 21158 and responds
to the GetRequest probe.

Tom

Tom,

Looks good.  Sorry to bug you with a few more questions about this
match.

* You don't have a anchor (zero-width assertion) in your match.  Can ^
or $ be added to the match?  Failed matches on expressions without
anchors can be very expensive.  Even something like ^.?.?.?.?<regex>
will speed up failed matches many orders of magnitude if there is a
variable (but short) preamble to where your expression matches.

* You said this will match a GetRequest probe.  Is the "HT" a truncated
version of "HTTP" or something entirely different?

Brandon

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)

iEYEARECAAYFAkhQXNUACgkQqaGPzAsl94Jw7gCeODyOb56vkOtFLo0O5sLQYjU4
RBsAoLdmgRSWCldwdXpE3V0L8RIP+h5D
=HSVQ
-----END PGP SIGNATURE-----

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]