Nmap Development mailing list archives

Re: Q4'06 Service Submissions are done!


From: Brandon Enright <bmenrigh () ucsd edu>
Date: Sun, 15 Apr 2007 09:12:54 +0000

On Sun, 15 Apr 2007 01:55:12 -0700
doug () hcsw org wrote:

> Hi nmap-dev!
>
> I just finished the Q4'06 service submissions. I checked the new
> probes file into SVN. It includes many changes by myself and
> Brandon Enright's new Hello probe.
>
> I documented some of the more interesting submissions and match
> lines on my blog here:
>
> http://hcsw.org/blog.pl
>
> Highlights:
>   * New Hello probe should increase SMTP granularity
>   * Now detects even stealth Kojoney SSH honeypots
>   * apt-cache false positives should be fixed
>   * See Nmap take a cable modem to its knees :)
>
> (Perma-link to article is http://hcsw.org/blog.pl?a=24&b=24 )
>
> Best,
>
> Doug
>
> PS I just added RSS support to my blog!

Excellent work, I always enjoy reading your SF write-ups.  Regarding the
fake SSH on FTP banner, did you include a match?  We see that technique
used pretty often by semi-intelligent attackers trying to hide backdoor FTP
servers on our systems.  Believe it or not, the technique has actually
worked to fool some of our admins that aren't very familiar with different
service banners.  If you would like, I'll send you a few examples.  They're
pretty easy to match generically though.

Brandon


PS... I don't think it is any of your business knowing what NOYB stands
for :-p.


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
