Nmap Development mailing list archives

Re: [PATCH] Match line update for Famatech Radmin remote control
From: Tom Sellers <nmap () fadedcode net>
Date: Wed, 10 Jun 2009 06:36:58 -0500

Brandon Enright wrote:
> Hey Tom, this patch looks really good but before I check it in, I have
> a question about the softmatch.
>
> Is "m|^\x01\x00\x00\x00\x25|" broken?  Your change to
> "m|^\x01\x00\x00\x00.{3}\x02\x12\x08\x02|" is a lot more specific.  Is
> there a case where the original would match but your change won't?


Thanks for catching the mistake, Brandon!

How embarrassing to attempt to fix a match line only to botch it.  The original
softmatch line would fail on Radmin 3.x, the new one would not, had it been
correct.

A better softmatch would be:

softmatch radmin m|^\x01\x00\x00\x00.{5}\x08.\x00| p/Famatech Radmin/ o/Windows/

If you think that the line is too generic I can alter it to include options for
the two values I have seen at position 8 (x01 and x02), 9 (x10 and x12) and
11 (x01 and x02).  My concern is that a new minor release would come out and change
those fields, breaking the softmatch.

Tom

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
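
The trade-off raised in this message, as an added example that is not part of the original post or of Nmap: it runs the original softmatch, the proposed generic one, and a narrower variant pinned to the values reported at positions 8, 9 and 11 against three sample replies. The replies are constructed, not captured from Radmin; the positions are read as 1-based (which is consistent with both patterns in the thread), and the filler bytes, 0x27 and 0x03 are assumptions.

```python
import re

# Patterns quoted in the thread. Nmap match lines are PCRE; without the "s"
# option "." skips newline (0x0a), which Python's re also does by default.
ORIGINAL = rb"^\x01\x00\x00\x00\x25"
PROPOSED = rb"^\x01\x00\x00\x00.{5}\x08.\x00"

# Values the message reports at 1-based positions 8, 9 and 11.
SEEN = {8: (0x01, 0x02), 9: (0x10, 0x12), 11: (0x01, 0x02)}

def byte_class(values):
    """Regex character class matching exactly the given byte values."""
    return b"[" + b"".join(b"\\x%02x" % v for v in values) + b"]"

def strict_pattern(seen=SEEN):
    """The narrower alternative: pin positions 8, 9 and 11 to the seen values."""
    return (rb"^\x01\x00\x00\x00.{3}" + byte_class(seen[8]) + byte_class(seen[9])
            + rb"\x08" + byte_class(seen[11]) + rb"\x00")

def response(p5, p8, p9, p11):
    """Constructed 12-byte reply; positions 6 and 7 are filler (assumption)."""
    return bytes([0x01, 0x00, 0x00, 0x00, p5, 0x00, 0x00, p8, p9, 0x08, p11, 0x00])

# Constructed samples, not captures from a real Radmin server.
SAMPLES = {
    "variant A": response(0x25, 0x01, 0x10, 0x01),
    "variant B": response(0x27, 0x02, 0x12, 0x02),       # byte 5 is not 0x25
    "future release": response(0x27, 0x03, 0x12, 0x02),  # unseen value at 8
}

def evaluate():
    """Map sample name -> (original, proposed, strict) match results."""
    patterns = (ORIGINAL, PROPOSED, strict_pattern())
    return {name: tuple(re.match(p, data) is not None for p in patterns)
            for name, data in SAMPLES.items()}

if __name__ == "__main__":
    for name, hits in evaluate().items():
        print(f"{name:15} original={hits[0]} proposed={hits[1]} strict={hits[2]}")
```

Only the generic pattern matches all three samples: the original misses any reply whose fifth byte is not 0x25, and the pinned variant misses the reply with an unseen value at position 8.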

