o Renamed irc-zombie.nse to auth-spoof and improved its description

and output a bit. [Fyodor]
2025-12-30 03:19:02 +00:00 · 2008-11-06 21:58:29 +00:00
parent cfb9678a60
commit c73dfd173a
2 changed files with 9 additions and 4 deletions
--- a/3
+++ b/3
@@ -1,5 +1,8 @@
 # Nmap Changelog ($Id$); -*-text-*-

+o Renamed irc-zombie.nse to auth-spoof and improved its description
+  and output a bit. [Fyodor]
+
 o Most script names were changed to make them more consistent.
  [Fyodor, David]

--- a/scripts/auth-spoof.nse
+++ b/scripts/auth-spoof.nse
@@ -1,8 +1,10 @@
 description = [[
-Checks for an IRC zombie.
+Checks for an identd (auth) server which is spoofing its replies.

-If port 113 responds before we ask it then something is fishy. Usually this
-means that the host is an IRC zombie.
+Tests whether an identd (auth) server responds with an answer before
+we even send the query.  This sort of identd spoofing can be a sign of
+malware infection though it can also be used for legitimate privacy
+reasons.
 ]]

 author = "Diman Todorov <diman.todorov@gmail.com>"
@@ -23,6 +25,6 @@ action = function(host, port)
 		return
 	end

-	return owner
+	return "Spoofed reply: " .. owner
 end