From 715338f9cb68e73d0e6ad7d9598f5f583f122638 Mon Sep 17 00:00:00 2001
From: david <david@e0a8ed71-7df4-0310-8962-fdc924857419>
Date: Sat, 23 Apr 2011 00:23:49 +0000
Subject: [PATCH] Add a distinguishing byte (\x01 for PING reply) to the
 BackOrifice probe.

---
 nmap-service-probes | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/nmap-service-probes b/nmap-service-probes
index a67bf309c..fc0ff8fb5 100644
--- a/nmap-service-probes
+++ b/nmap-service-probes
@@ -10019,5 +10019,5 @@ Probe UDP BackOrifice q|\xCE\x63\xD1\xD2\x16\xE7\x13\xCF\x38\xA5\xA5\x86\xB2\x75
 ports 31337
 rarity 9
 
-# Encryption of "*!*QWTY?.........  !PONG!1.20!".
-match BackOrifice m|^\xCE\x63\xD1\xD2\x16\xE7\x13\xCF.........\x12\x78\xC4\xE3\xD6\xA6\x65\x51\x75\x51\xEB\x2A\x3F|s p/BackOrifice trojan/ o/Windows/ v/1.20/ i/no password/
+# Encryption of "*!*QWTY?........\x01  !PONG!1.20!".
+match BackOrifice m|^\xCE\x63\xD1\xD2\x16\xE7\x13\xCF........\x01\x12\x78\xC4\xE3\xD6\xA6\x65\x51\x75\x51\xEB\x2A\x3F|s p/BackOrifice trojan/ o/Windows/ v/1.20/ i/no password/