From b1544ec5b5d27a1698dec39eb5e096c7844e5b46 Mon Sep 17 00:00:00 2001
From: fyodor <fyodor@e0a8ed71-7df4-0310-8962-fdc924857419>
Date: Fri, 30 Jan 2009 23:14:41 +0000
Subject: [PATCH] removed p/Windows XP identd/ due to report from Brandon
 Enright to nmap-dev that there is no native Windows XP identd and plus
 backdoors commonly trigger this signature.  Those are Windows backdoors, so
 we'll keep o/Windows/ unless we see this matching other systems

---
 nmap-service-probes | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nmap-service-probes b/nmap-service-probes
index 219b859b8..658aec0dc 100644
--- a/nmap-service-probes
+++ b/nmap-service-probes
@@ -2959,7 +2959,7 @@ match ident m|^: USERID : UNIX : CacheFlow Server\r\n| p/CacheFlow identd/ o/Cac
 match ident m|^:USERID:OTHER:\d+-ident-is-a-completely-pointless-protocol-that-offers-no-security-or-traceability-at-all-so-take-this-and-log-it!\r\n| p/Fake identd/
 match ident m|^ : USERID : UNIX : ([-\w_]+)$| p/Klient identd/ i/IRC Nick $1/
 match ident m|^\r\n: ERROR : HIDDEN-USER\r\n$| p/Borderware Firewall identd/ d/firewall/
-match ident m|^ : USERID : UNIX : [a-z]{4,8}\r\n$| p/Windows XP identd/ o/Windows/
+match ident m|^ : USERID : UNIX : [a-z]{4,8}\r\n$| o/Windows/
 match ident m|^1 , 1 : USERID : OTHER : chuck-the-bsd-deamon\r\n$| p/widentd/
 match ident m|^,  : USERID : UNIX : [^\r\n]+\r\n$| p/FTPRush FTP client identd/ o/Windows/
 match ident m|^0 , 0 : ERROR : FORMAT-ERROR\r\n$| p/GTA GB-Ware firewall identd/ d/firewall/