Re: [PATCH] Match line update for Famatech Radmin remote control

[Tom Sellers <nmap () fadedcode net>]

Brandon Enright wrote:
> Hey Tom, this patch looks really good but before I check it in, I have
> a question about the softmatch.
>
> Is "m|^\x01\x00\x00\x00\x25|" broken?  Your change to
> "m|^\x01\x00\x00\x00.{3}\x02\x12\x08\x02|" is a lot more specific.  Is
> there a case where the original would match but your change won't?

Thanks for catching the mistake Brandon!

How embarrassing to attempt to fix a match line only to botch it.  The original
softmatch line would fail on Radmin 3.x, the new one would not, had it been
correct.

A better softmatch would be:

softmatch radmin m|^\x01\x00\x00\x00.{5}\x08.\x00| p/Famatech Radmin/ o/Windows/

If you think that the line is too generic I can alter it to include options for
the two values I have seen at position 8 (x01 and x02), 9 (x10 and x12) and
11 (x01 and x02).  My concern is that a new minor release would come out and change
those fields, breaking the softmatch.

Tom

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org