mirror of https://github.com/nmap/nmap.git synced 2026-01-01 20:39:02 +00:00

Syncing the service names between nmap-service-probes and nmap-services

$ svn diff | grep '^+[^+#]' | wc -l
101

nmap-service-probes

backupexecra    => backupexec-remote
bitdefender-ctl => bitdefender-ctrl
bittorent       => bittorrent
chat-ctl        => chat-ctrl
dantzretrospect => retrospect
directconenct   => directconnect
fw1-topo        => fw1-topology
icecreamd       => icecream
issrealsecure   => iss-realsecure
landesk         => landesk-rc
memcached       => memcache
msactivesync    => activesync
oracle-dbsnmp   => dbsnmp
policyd         => policy
pppd            => ppp
rpc             => rpcbind
spamd           => spamassassin
ssl/imap        => imaps
ssl/pop3        => pop3s
ssl/sophos      => sophos/ssl
ssl/vmware-auth => vmware-auth/ssl
telnet-ssl      => telnets
xmailctl        => xmail-ctrl

nmap-services

afpovertcp            => afp
bittorent-tracker     => bittorrent-tracker
boinc-client          => boinc
cfingerd              => finger
dantz                 => retrospect
FW1-mc-fwmodule       => fw1-mc-fwmodule
Fw1-mc-gui            => fw1-mc-gui
FW1-or-bgmp           => fw1-or-bgmp
FW1-secureremote      => fw1-secureremote
gkrellmd              => gkrellm
iss-realsecure-sensor => iss-realsecure
macon-{tcp,udp}       => macon
maybeFW1              => maybe-fw1
maybeveritas          => maybe-veritas
nessusd               => nessus
NetBus                => netbus
opsec_*               => opsec-*
orasrv         [udp]  => oracle
postgres              => postgresql
PowerChute            => powerchute
PowerChutePLUS        => powerchuteplus
tor-controlport       => tor-control
tor-socksport         => tor-socks
tor-transport         => tor-trans
UPnP                  => upnp
VeritasBackupExec     => backupexec
VeritasNetbackup      => netbackup
kris
2008-04-29 17:03:09 +00:00
parent 9a89b403f9
commit f72667fe44
2 changed files with 107 additions and 105 deletions


@@ -42,6 +42,11 @@ Probe TCP NULL q||
totalwaitms 6000
match acap m|^\* ACAP \(IMPLEMENTATION \"CommuniGate Pro ACAP (\d[-.\w]+)\"\) | p/CommuniGate Pro ACAP server/ i/for mail client preference sharing/ v/$1/
match activemq m|^\0\0\0\xae\x01ActiveMQ\0\0\0| p/Apache ActiveMQ/
# Microsoft ActiveSync Version 3.7 Build 3083 (It's used for syncing
# my ipaq it disapears when you remove the ipaq.)
match activesync m|^.\0\x01\0[^\0]\0[^\0]\0[^\0]\0[^\0]\0[^\0]\0.*\0\0\0$|s p/Microsoft ActiveSync/ o/Windows/
# Ad-Aware SE Enterprise Edition 2005/Ad-Axis Client 1.0
match adaware m|^IceP\x01\0\x01\0\x03\0\x0e\0\0\0| p/Lavasoft Ad-Aware SE Enterprise/
# AMANDA index server 2.4.2p2 on Linux 2.4
@@ -84,7 +89,7 @@ match backdoor m|^220 CAFEiNi [-\w_.]+ FTP server\r\n$| p/CAFEiNi trojan/ i/**BA
match bf2rcon m|^### Battlefield 2 ModManager Rcon v([\d.]+)\.\n### Digest seed: \w+\n\n| p/Battlefield 2 ModManager Remote Console/ v/$1/
# Bittorrent Client 3.2.1b on Linux 2.4.X
match bittorent m|^\x13BitTorrent protocol\0\0\0\0\0\0\0\0| p/Bittorrent P2P client/
match bittorrent m|^\x13BitTorrent protocol\0\0\0\0\0\0\0\0| p/Bittorrent P2P client/
# BMC Software Patrol Agent 3.45 and HP Patrol Agent
match softwarepatrol m|^\0\0\0\x17i\x02\x03..\0\x05\x02\0\x04\x02\x04\x03..\0\x03\x04\0\0\0|s p|BMC/HP Software Patrol Agent|
match scmbug m|^SCMBUG-SERVER RELEASE_([-\w_.]+) \d+\n| p/Scmbug bugtracker/ v/$1/
@@ -113,7 +118,7 @@ match chargen m|^The quick brown fox jumps over the lazy dog\. 1234567890\r\n| p
match chat m|^WebStart Chat Service Established\.\.\.\r\n\(C\) 2000-\d+ R Gabriel all Rights Reserved\r\n| p/WebStart Chat Service/
match chat m|^\*\x01..\0\x04\0\0\0\x01$|s p/AIM or ICQ server/
match chat-ctl m|^InfoChat Server v([\d.]+) Remote Control ready\n\r| p/InfoChat Remote Control/ v/$1/
match chat-ctrl m|^InfoChat Server v([\d.]+) Remote Control ready\n\r| p/InfoChat Remote Control/ v/$1/
match chess m=^\n\r _ __ __ __ \n\r \| \| / /__ / /________ ____ ___ ___ / /_____ \n\r \| \| /\| / / _ \\/ / ___/ __ \\/ __ `__ \\/ _ \\ / __/ __ \\\n\r= p/Lasker Internet Chess server/
# Citrix, Metaframe XP on Windows
match citrix-ica m|^\x7f\x7fICA\0\x7f\x7fICA\0| p/Citrix Metaframe XP ICA/ o/Windows/
@@ -180,7 +185,7 @@ match dict m|^220 hello <> msg\r\n$| p/Serpento dictd/
match directconnect m/^\$MyNick ([-.\w]+)|\$Lock/ p/Direct Connect P2P/ i/User: $1/ o/Windows/
match directconnect m|^\r\nDConnect Daemon v([\d.]+)\r\nlogin: | p/Direct Connect P2P/ v/$1/ o/Windows/
match directconenct m=<Hub-Security> Your IP is temporarily banned for (\d+) minutes\.\|= p/Shadows DirectConnect hub/ i/Banned for $1 minutes/
match directconnect m=<Hub-Security> Your IP is temporarily banned for (\d+) minutes\.\|= p/Shadows DirectConnect hub/ i/Banned for $1 minutes/
match directconnect m=<Hub-Security> You are being banned for (\d+) minutes \(by SDCH Anti Hammering\)\.\|= p/Shadows DirectConnect hub/ i/Banned for $1 minutes/
match directconnect m=<Hub-Security> You are being redirected to ([\d.]+)\|\$ForceMove [\d.]+\|= p/PtokaX directconnect hub/ i/Redirected to $1/
match directconnect-admin m=^\r\nOpen DC Hub, version ([\d.]+), administrators port\.\r\nAll commands begin with '\$' and end with '\|'\.\r\nPlease supply administrators passord\.\r\n= p/OpenDCHub directconenct hub admin port/ v/$1/ o/Unix/
@@ -930,10 +935,10 @@ match issc m|^\rYou do not have permission to connect to the builder port\.\r\nT
# ISS RealSecure ServerSensor 7.0 on Windows 2000 Server
# ISS RealSecure Server Sensor 6.0 on Windows NT 4.0 Server SP6a
# ISS RealSecure Server Sensor 7.0 issdaemon on Microsoft Windows NT Workstation with SP6a
match issrealsecure m|^\0\0\0.\x08\x01\x03\x01\0.\x02\0\0..\0\0.\0\0\0..\0\0\x80\x04..\0.\0\xa0|s p/ISS RealSecure IDS/ o/Windows/
match issrealsecure m|^\0\0\0.\x08\x01\x04\x01\0..\0\0..\0\0.\0\0\0..\0\0\x80\x04..\0.\0\xa0\0\0|s p/ISS RealSecure IDS ServerSensor/ v/6.0 - 7.0/ o/Windows/
match iss-realsecure m|^\0\0\0.\x08\x01\x03\x01\0.\x02\0\0..\0\0.\0\0\0..\0\0\x80\x04..\0.\0\xa0|s p/ISS RealSecure IDS/ o/Windows/
match iss-realsecure m|^\0\0\0.\x08\x01\x04\x01\0..\0\0..\0\0.\0\0\0..\0\0\x80\x04..\0.\0\xa0\0\0|s p/ISS RealSecure IDS ServerSensor/ v/6.0 - 7.0/ o/Windows/
# I've only seen 1 example of the following. Probably not general enough
match issrealsecure m|^\0\0\x01/\x08\x01\x03\x01\x01'\x04\0\0\0\x18\0\0\xa4\0\0\0f\x02\0\0\x80\x04\x06\0\0\x80\0\xa05Microsoft Enhanced RSA and AES Cryptographic Provider|s p/ISS Realsecure Workgroup Manager/ o/Windows/
match iss-realsecure m|^\0\0\x01/\x08\x01\x03\x01\x01'\x04\0\0\0\x18\0\0\xa4\0\0\0f\x02\0\0\x80\x04\x06\0\0\x80\0\xa05Microsoft Enhanced RSA and AES Cryptographic Provider|s p/ISS Realsecure Workgroup Manager/ o/Windows/
match ixia-unknown m|^Enter port cpu supported card port number and hit Enter\. For example \"3 4\"\r\n| p/IXIA 400T traffic QA/
match ixia-unknown m|^.*\0\x18Ixia Hardware I/O Server\x13Ixia Communications\x18Ixia Hardware I/O Server\x0b([\d.]+)|s p/IXIA 400T traffic QA/
@@ -1005,10 +1010,6 @@ match donkey m|^HTTP/1\.1 404 Not Found\r\nDate: .*\r\nServer: eserver ([\d.]+)\
# Monopoly game server
match monopd m|^<monopd><server version=\"([\d.]+)\"/>.*</monopd>\n| p/monopd/ v/$1/ o/Unix/
# Microsoft ActiveSync Version 3.7 Build 3083 (It's used for syncing
# my ipaq it disapears when you remove the ipaq.)
match msactivesync m|^.\0\x01\0[^\0]\0[^\0]\0[^\0]\0[^\0]\0[^\0]\0.*\0\0\0$|s p/Microsoft ActiveSync/ o/Windows/
match mud m|^\n\r\xff\xfbUDo you want ANSI color\? \(Y/n\) $| p|ROM-based MUD| i|http://rrp.rom.org/|
match mysql m/^.\0\0\0\xff.\x04.*Host .* is not allowed to connect to this MySQL server$/s p/MySQL/ i/unauthorized/
@@ -2470,7 +2471,7 @@ match telnet-proxy m|^\r\n\r\nEnter computer name to connect to\.\r\ne\.g\. \"Ne
match telnet-proxy m|^\xff\xfc\x01\xff\xfd\"ixProxy V([\d.]+), Copyright \(C\) \d+ Ixia Communications\r\nEnter target port ip address as login name \(example: 10\.0\.1\.1\)\r\nlogin:| p/Ixia ixProxy telnet proxy/
match telnet-proxy m|^\xff\xfb\x01\xff\xfb\x03Blue Coat Shell proxy\r\nShell-proxy>| p/Blue Coat Shell proxy/ o/SGOS/
match telnet-ssl m|^\xff\xfd.$| p|telnetd-ssl/GNU Gatekeeper|
match telnets m|^\xff\xfd.$| p|telnetd-ssl/GNU Gatekeeper|
# tinc 1.0.2-2 on Linux
match tinc m|^0 \w+ 17\n| p/tinc vpn daemon/
@@ -2500,9 +2501,9 @@ match keriopfgui m|^\x12\0\r\0\x03\0\0\0\0\x02\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0
# Tiny Personal Firewall 2.0
# Kerio Personal Firewall, Firewall engine version 2.1.5 Driver version 3.0.0 on WinXP
match tinyfw m|^\x0f\0\n\0\x01\0\0\0\0\x02\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0| p/Kerio Personal Firewall/ v/2.1.X/ i/or Tiny Personal Firewall/
match ssl/vmware-auth m|^220 VMware Authentication Daemon Version (\d[-.\w]+): SSL Required\r\n| p/VMware Authentication Daemon/ v/$1/
match ssl/vmware-auth m|^220 VMware Authentication Daemon Version (\d[-.\w]+): SSL [rR]equired, MKSDisplayProtocol:VNC \r\n| p/VMware GSX Authentication Daemon/ v/$1/ i/Uses VNC/
match ssl/vmware-auth m|^220 VMware Authentication Daemon Version (\d[-.\w]+): SSL Required, ServerDaemonProtocol:SOAP, MKSDisplayProtocol:VNC| p/VMware GSX Authentication Daemon/ v/$1/ i/Uses VNC, SOAP/
match vmware-auth/ssl m|^220 VMware Authentication Daemon Version (\d[-.\w]+): SSL Required\r\n| p/VMware Authentication Daemon/ v/$1/
match vmware-auth/ssl m|^220 VMware Authentication Daemon Version (\d[-.\w]+): SSL [rR]equired, MKSDisplayProtocol:VNC \r\n| p/VMware GSX Authentication Daemon/ v/$1/ i/Uses VNC/
match vmware-auth/ssl m|^220 VMware Authentication Daemon Version (\d[-.\w]+): SSL Required, ServerDaemonProtocol:SOAP, MKSDisplayProtocol:VNC| p/VMware GSX Authentication Daemon/ v/$1/ i/Uses VNC, SOAP/
match vnc m|^RFB 003\.00(\d)\n$| p/VNC/ i/protocol 3.$1/
match vnc m|^RFB 003\.00(\d)\n\0\0\0\0\0\0\0\x1aToo many security failures$| p/VNC/ i/protocol 3.$1; Locked out/
@@ -2533,8 +2534,8 @@ match xbmsp m|^XBMSP-1\.0 1\.0 Media File XStream Server \n| p/Media File XStrea
match xinetd m=^([-\w_.]+ (tcp|udp) \d{1,5}\n)+= p/xinetd service display/ o/Unix/
# XFCE Desktop Version 3.99.4 From Gentoo 1.4 Ebuild on Linux 2.4.6
match xfce-session m|^\0\x01\0.\0\0\0\0$|s p/XFCE Session Manager/
match xmailctl m|^\+\d+ <[\d.]+@[\d.]+> XMail ([\d.]+) \(Linux/Ix86\) CTRL Server; .*\r\n| p/XMail CTRL Server/ v/$1/ o/Linux/
match xmailctl m|^\+\d+ <[\d.]+@[\d.]+> XMail ([\d.]+) CTRL Server; .*\r\n| p/XMail CTRL Server/ v/$1/
match xmail-ctrl m|^\+\d+ <[\d.]+@[\d.]+> XMail ([\d.]+) \(Linux/Ix86\) CTRL Server; .*\r\n| p/XMail CTRL Server/ v/$1/ o/Linux/
match xmail-ctrl m|^\+\d+ <[\d.]+@[\d.]+> XMail ([\d.]+) CTRL Server; .*\r\n| p/XMail CTRL Server/ v/$1/
match xmbmon m|^TEMP0 +: +[\d.]+\nTEMP1 +: +[\d.]+\nTEMP2 +: +[\d.]+\nFAN0 +: +[\d.]+\nFAN1 +: +[\d.]+\nFAN2 +: +[\d.]+\n| p/Mother Board Monitor/
# Right now once a softmatch triggers, only match lines with the same
@@ -2578,7 +2579,7 @@ match osiris m|^\x80[=+:]\x01\x03\x01\0.\0\0\0\x10\0|s p/osiris host IDS agent/
match svnserve m|^\( success \( \d \d \( ANONYMOUS \) \( | p/Subversion/
match icecreamd m|^[\x14-\x1f]\0\0\0$| p/icecreamd/
match icecream m|^[\x14-\x1f]\0\0\0$| p/icecreamd/
match apc-agent m|^\xac\xed\0\x05$| p/APC PowerChute agent/ d/power-device/
# OpenH323 Gatekeeper 2.0.3
match afs3-fileserver m|^\xff\xfd\x03\xff\xfb\x05.*Version:\r\nGatekeeper\(GNU\) Version\(([\d.]+)\) Ext\(.*\) Build\(.*\) Sys\(Linux .*\)\r\n| p/OpenH323 Gatekeeper/ v/$1/ o/Linux/
@@ -2587,7 +2588,7 @@ match wingate-control m|^.\x01.[\x02\x03]\x01\d+\0$|s p/WinGate Administration/
# Wingate redir: Probably not general enough
match wingate m|^\0\n\0\0\x02\0\0\0\x01\0$| p/WinGate transparent redirection/ o/Windows/
match mail-admin m|^OK0100 eXtremail V([\d.]+) release (\d+) REMote management \.\.\.\r\n| p/eXtremail remote management/ v/$1 release $2/
match pppd m|^SuSE Meta pppd \(smpppd\), Version ([\d.]+)\r\n| p/SuSE Meta pppd/ v/$1/ o/Linux/
match ppp m|^SuSE Meta pppd \(smpppd\), Version ([\d.]+)\r\n| p/SuSE Meta pppd/ v/$1/ o/Linux/
match pppctl m|^PPP on ([-\w_.]+)> | p/pppctld/ h/$1/
match honeypot m|^503 Service Unavailable\r\n\r\n\0$| p/Network Flight Recorder BackOfficer Friendly honeypot/
@@ -2611,7 +2612,7 @@ match access-remote-pc m|^\x99\xf3\0\0\0\0\0\0\xff\xff\xff\xff$| p/Access Remote
match biff m|^Message received\n$| p/NotifyMail biffd/
match biff m|^Use of uninitialized value in transliteration \(tr///\) at /var/jchkmail/user-filter| p/Joe's j-chkmail biffd/
match bitdefender-ctl m|^\(null\) 500 Internal Error\n\(null\) 500 Internal Error\n$| p/Bitdefender Remote Admin Console/ o/Windows/
match bitdefender-ctrl m|^\(null\) 500 Internal Error\n\(null\) 500 Internal Error\n$| p/Bitdefender Remote Admin Console/ o/Windows/
match bittorrent-tracker m|^This is not a rootkit or other backdoor, it's a BitTorrent\r\nclient\. Really\.| p/Transmission bittorrent tracker/
@@ -2698,7 +2699,7 @@ match ftp m|^220 Ready\r\n502 Not implemented\r\n$| p/Global Cache GC-100 ftpd/
match flashconnect m|^FlashCONNECT ([\d.]+) invalid message\.\n$| p/Raining Data FlashCONNECT/ v/$1/
match fw1-topo m|^Q\0\0\0$| p/Checkpoint FW-1 Topology download/ d/firewall/
match fw1-topology m|^Q\0\0\0$| p/Checkpoint FW-1 Topology download/ d/firewall/
# GKrellM System Monitor 2.1.15 on Linux
match gkrellm m|^<error>\nBad connect string!| p/GKrellM System Monitor/
@@ -2989,14 +2990,13 @@ sslports 443
# Kerio PF 4.0.11 unregistered - Service process (Port 44xxx?) on MS W2K SP4+
match keriopfservice m|^(HTTP/1\.0) 200 OK\r\nServer: Kerio Personal Firewall\r\n| p/Kerio PF 4 Service/ i/$1/
match backupexecra m|^\xf6\xff\xff\xff\x10\0\0\0\0\0\0\0\0\0\0\0$| p/Veritas BackupExec Remote Agent/
match backupexec-remote m|^\xf6\xff\xff\xff\x10\0\0\0\0\0\0\0\0\0\0\0$| p/Veritas BackupExec Remote Agent/
match backdoor m|^:[-\w_.]+ 451 GET :\r\n| p/**BACKDOOR**/ o/Windows/
match bittorrent m|^Nice try\.\.\.\r\n$| p/Transmission Bittorrent client/
match csta m|^<HTML>\r\n<HEAD>\r\n<TITLE>CSTA-Mono Server Home Page </TITLE>\r\n| p/Alcatel OmniPCX Enterprise/ d/PBX/
match dantzretrospect m|^\0\xca\0\0\0\0\0\x04\0\0\0\0$| p/Dantz Retrospect/ v/6.0/
match dnet-keyproxy m|^HTTP/1\.0 302 Found\r\nLocation: http://www\.distributed\.net/\r\n\r\n$| p/Distributed.Net HTTP Keyproxy/
# Digital UNIX 5.6
@@ -4744,7 +4744,7 @@ match imap m|^\* OK ([-.+\w]+) IMAP4rev1 v1(\d[-.\w]+) server ready\r\n| p/UW-Im
# gnu/mailutils imap4d 0.3.2 on Linux
match imap m|^\* OK IMAP4rev1\r\nGET BAD Invalid command\r\n\* BAD Null command\r\n$| p/GNU Mailutils imapd/
# Cyrus IMAP 2.1.14
match ssl/imap m|^\* BYE Fatal error: tls_start_servertls\(\) failed\r\n$| p/Cyrus imapd/
match imaps m|^\* BYE Fatal error: tls_start_servertls\(\) failed\r\n$| p/Cyrus imapd/
match imap m|^\* OK ([-\w_.]+)\r\nGET BAD Error in IMAP command received by server\.\r\n\* BAD Error in IMAP command received by server\.\r\n| p/Dovecot imapd/ h/$1/
match imap m|^\* OK IMAP4 IMAP4rev1 Server\r\nGET BAD Unrecognised Command\r\n| p/Floosietek FTgate imapd/
match imap m|^\* OK IMAP4r1 server \[([-\w_.]+)\] ready\r\nGET BAD Protocol Error: \"Unidentifiable command specified\"\.\r\n\* BAD Protocol Error: \"Tag not found in command\"\.\r\n| p/Microsoft Exchange imapd/ h/$1/ i/Version masked/ o/Windows/
@@ -4818,14 +4818,15 @@ match giop m|^GIOP\x01\0\x01\x06\0\0\0\0$| p/omniORB omniNames/ i/Corba naming s
# Oracle MTS Recovery Service 9.2.0.1 on Windows 2000 Professional
match oracle-mts m|^HTTP/1\.0 200 OK\r\nContent-length: 7\r\n\r\nunknown$| p/Oracle MTS Recovery Service/
match ssl/pop3 m|^-ERR \[SYS/PERM\] Fatal error: tls_start_servertls\(\) failed\r\n$| p/Cyrus pop3sd/
match ssl/pop3 m|^-ERR Fatal error: pop3s: required OpenSSL options not present\r\n| p/Cyrus pop3sd/
match pop3s m|^-ERR \[SYS/PERM\] Fatal error: tls_start_servertls\(\) failed\r\n$| p/Cyrus pop3sd/
match pop3s m|^-ERR Fatal error: pop3s: required OpenSSL options not present\r\n| p/Cyrus pop3sd/
# Postgresql-server-7.3.2-3
match postgresql m|^EFATAL: invalid length of startup packet\n\0$| p/PostgreSQL/
match postgrey m|^action=dunno\n\n$| p/Postfix Greylist Daemon/
match powerchute m|^server=&type=0&id=&count=1&oid=[\d.]+&value=&error=4\n| p/APC Powerchute/ d/power-device/
match rendezvous m|^HTTP/1\.1 400 Bad Request\r\nDate: .*\r\nDAAP-Server: iTunes/(\d[-.\w]+) \((.*)\)\r\n| p/Apple iTunes/ v/$1/ o/$2/
match retrospect m|^\0\xca\0\0\0\0\0\x04\0\0\0\0$| p/Dantz Retrospect/ v/6.0/
match rfidquery m|^Error 0 parse error\n\nError 0 parse error\n\nError 0 parse error\n\nError 0 parse error\n\nError 0 parse error\n\nError 0 parse error\n\nError 0 parse error\n\n$| p/Mercury3 RFID Query protocol/
match rtsp m|^RTSP/1.0 400 Bad Request\r\nServer: DSS/([-.\w]+) \[(v\d+)]-(\w+)\r\n| p/DarwinStreamingServer/ v/$1/ i/$2 on $3/
match rtsp m|^RTSP/1\.0 400 Bad Request\r\nServer: QTSS/(\d[\d.]+ \[v\d+\]-Win32)\r\nCseq: \r\n| p/Apple QuickTime Streaming Server/ v/$1/ o/Windows/
@@ -4868,7 +4869,7 @@ match sip m|^SIP/2\.0 400 Illegal request line\r\nFrom: <sip:missing>\r\nTo: <si
match slimp3 m|^GET %2[Ff] HTTP%2[Ff]1\.0\n$| p|SliMP3 MP3 player| i|http://www.slimdevices.com|
# spamd 2.20-1woody
match spamd m|^SPAMD/1\.0 76 Bad header line: GET / HTTP/1\.0\r\r?\n| p/SpamAssassin spamd/
match spamassassin m|^SPAMD/1\.0 76 Bad header line: GET / HTTP/1\.0\r\r?\n| p/SpamAssassin spamd/
match speech m|^ER\nLP\n#<SUBR\(6\) />\nft_StUfF_keyOK\nER\n$| p/Festival Speech Synthesis System/
@@ -5052,7 +5053,7 @@ match http m|^HTTP/1\.0 400\r\nContent-Type: text/html\r\n\r\n<hr><pre><font siz
match http-proxy m|^HTTP/1\.1 503 Service Unavailable\r\ndate: .*\r\nconnection: close\r\n\r\n<html><body><pre><h1>Service unavailable</h1></pre></body></html>\n| p/HTTP Replicator proxy/
match policyd m|^action=defer_if_permit Policy Rejection: Invalid data\n\n$| p/Postfix mail policyd/
match policy m|^action=defer_if_permit Policy Rejection: Invalid data\n\n$| p/Postfix mail policyd/
match tgcmd m|^\d+ \d+ \d+,Invalid command\.\n$| p/tgcmd.exe support daemon/ o/Windows/
@@ -5105,10 +5106,10 @@ ports 81,111,199,514,544,710,711,1433,2049,4045,4999,7000,32750-32810,38978
# Microsoft SQLServer 6.5 on WinNT 4.0 SP6a
# Microsoft SQL Server 6.5 on WinNT 4.0
match ms-sql-s m|^\x04\x01\0C..\0\0\xaa\0\0\0/\x0f\xa2\x01\x0e.. Login failed\r\n\x14Microsoft SQL Server\0\0\0\xfd\0\xfd\0\0\0\0\0\x02$|s p/Microsoft SQLServer/ v/6.5/ o/Windows/
match rpc m|^\x80\0\0\x18\x72\xFE\x1D\x13\0\0\0\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x01|
match rpc m|^\x80\0\0\x20\x72\xFE\x1D\x13\0\0\0\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x02|
match rpc m|^\x80\0\0\x14r\xfe\x1d\x13\0\0\0\x01\0\0\0\x01\0\0\0\x01\0\0\0\x05|
match rpc m|^\x80\0\0\x18r\xfe\x1d\x13\0\0\0\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0|
match rpcbind m|^\x80\0\0\x18\x72\xFE\x1D\x13\0\0\0\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x01|
match rpcbind m|^\x80\0\0\x20\x72\xFE\x1D\x13\0\0\0\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x02|
match rpcbind m|^\x80\0\0\x14r\xfe\x1d\x13\0\0\0\x01\0\0\0\x01\0\0\0\x01\0\0\0\x05|
match rpcbind m|^\x80\0\0\x18r\xfe\x1d\x13\0\0\0\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0|
match raid-mon m|^\0 \0.{4}C\x04\0\0\0\x02\\@| p/Promise RAID array monitor/ v/3.X/
match raid-mon m|^\0 \0.{4}D\x04\0\0\0\x02\\@| p/Promise RAID array monitor/ v/4.X/
match raid-mon m|^\x02 \0.{4}G\x04\0\0\0\x02\\@| p/Promise RAID array monitor/
@@ -5133,8 +5134,8 @@ rarity 1
ports 17,88,111,500,517,518,2427,4045,10080,12203,27960,32750-32810,38978
match amanda m|^Amanda ([\d.]+) NAK HANDLE SEQ 0\nERROR expected \"Amanda\", got \"r\xfe\x1d\x13\"\n| p/Amanda backup service/ v/$1/ o/Unix/
match rpc m|^\x72\xFE\x1D\x13\0\0\0\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x01|
match rpc m|^\x72\xFE\x1D\x13\0\0\0\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x02|
match rpcbind m|^\x72\xFE\x1D\x13\0\0\0\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x01|
match rpcbind m|^\x72\xFE\x1D\x13\0\0\0\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x02|
# OpenAFS 1.2.10 on Linux 2.4.22
match kerberos-sec m|^\x04\n\0\0\0\0\0\0\0\0\0\0\x04code = 4: packet version number unknown\0| p/OpenAFS/
# talk-server-0.17 (linux), ports 517-518/udp
@@ -5352,7 +5353,7 @@ match tftp m|^\0\x05\0\0Bad mode\0|
match tftp m|^\0\x05\0\x02Access violation\0|
match tftp m|^\0\x05\0\x04\w+\0|
match landesk m|^\0\0\0\0USER\x01\0\x10\0\x08\0:\xd0\x08\0:\xd0\x01\x01\.\0O\0\x03\0T\0\xff\xff\0\0\0\xfd\0\0\0\0\0\0\x02\0\0\0LANDeskWorkgroup Manager ver ([\d.]+)\0| p/LANDesk Workgroup Manager/ v/$1/ o/Windows/
match landesk-rc m|^\0\0\0\0USER\x01\0\x10\0\x08\0:\xd0\x08\0:\xd0\x01\x01\.\0O\0\x03\0T\0\xff\xff\0\0\0\xfd\0\0\0\0\0\0\x02\0\0\0LANDeskWorkgroup Manager ver ([\d.]+)\0| p/LANDesk Workgroup Manager/ v/$1/ o/Windows/
# DNS Server status request: http://www.crynwr.com/crynwr/rfc1035/rfc1035.html
@@ -5744,8 +5745,8 @@ match xtel m|^\x15Annuaire \xe9lectronique| p/xteld/ i/French/
match tor m|^\x16\x03\0\0\*\x02\0\0&\x03\0.*T[oO][rR]1.*[\x00-\x20]([-\w_.]+) <identity>|s p/Tor node/ i/Node name: $1/
# Sophos Message Router
match ssl/sophos m|^\x16\x03\0.*Router\$([a-zA-Z0-9_-]+).*Sophos EM Certification Manager|s p/Sophos Message Router/ h/$1/
match ssl/sophos m|^\x16\x03\0.*Sophos EM Certification Manager|s p/Sophos Message Router/
match sophos/ssl m|^\x16\x03\0.*Router\$([a-zA-Z0-9_-]+).*Sophos EM Certification Manager|s p/Sophos Message Router/ h/$1/
match sophos/ssl m|^\x16\x03\0.*Sophos EM Certification Manager|s p/Sophos Message Router/
# SMB Negotiate Protocol
@@ -5848,7 +5849,6 @@ Probe TCP X11Probe q|\x6C\0\x0B\0\0\0\0\0\0\0\0\0|
rarity 4
ports 80,443,497,1550,5302,6000-6020,7000,7100,7101,7777,8000
# retroclient 6.5.108 on Linux
match dantzretrospect m|^\0\xca\0\0\0\0\0\x04\0\0\0\0\0\0\x02\($| p/Dantz Retrospect backup client/
match font-service m|^\0\0\x02\0\0\0\0\0\0\0\0\0\x06\0\0\0\0@\x0c\0p\x17\0\0X Consortium\x01\n\x01\0\x05\0\0\0....\0\0..\0\0\0\0$|s p/Sun Solaris fs.auto/ o/Solaris/
# HP-UX 11.11
match font-service m|^\0\0\x02\0\0\0\0\0\0\0\0\0\x06\0\0\0\0@\x0c\0\xd4\x17\0\0X Consortium\x01\n\x01\0\x05\0\0\0....\0\0..\0\0\0\0$|s p/HP-UX X Font Server/ o/HP-UX/
@@ -5861,6 +5861,8 @@ match networkaudio m|^\0\x19\x02\0\x02\0\x07\0Protocol version mismatch\0| p|Net
# ichat-proxy; only two bytes might be too generic (Brandon)
match ichat-proxy m|^\x05\xff$| p/Apple iChat Server file transfer proxy/ o/Mac OS X/
match retrospect m|^\0\xca\0\0\0\0\0\x04\0\0\0\0\0\0\x02\($| p/Dantz Retrospect backup client/
match X11 m|^\x01\0\x0b\0\0.....\0\0\0\0.*Sun Microsystems, Inc\.|s p/XSun Solaris X11 server/
match X11 m|^\0\x2D\x0B\0\0\0\x0C\0| i/access denied/
# I think the below means access denied (no authentication protocol
@@ -6115,7 +6117,7 @@ match lotusnotes m|^.\0\0\0.\0\0\0\x03\0\0@\x02\x0f\0.*\x03\0\0\0\0\x02\0/\0.\0\
match lotusnotes m|^.\0\0\0.\0\0\0\x03\0\0@\x02\x0f\0.*\x03\0\0\0\0\x02\0/\0.\0\0\0\0\0\0\0.*CN=([-.\w ]+)/OU=([-.\w ]+)/OU=([-.\w ]+)/O=([-.\w ]+)|s p/Lotus Domino server/ i|CN=$1;OU=$2/$3;Org=$4|
# Interesting service: Not sure if it's RPC
match rpc m|^\x18\0\x01\x02Invalid packet length\0| p/Amanda voicemail system/ d/telecom-misc/
match rpcbind m|^\x18\0\x01\x02Invalid packet length\0| p/Amanda voicemail system/ d/telecom-misc/
# Moved this from SSLSessionReq because it seems more reliable.
match svrloc m|^\x02\x02\0\0\x12\0\0\0\0\0\0\0\0\x02en\0\x02$| p/Apple slpd/ o/Mac OS/
match tibia m|^V\0\x02\0Your terminal version is too old\.\nPlease get a new version at\nhttp://www\.tibia\.com\.\0$| p/Tibia graphical MUD/
@@ -6234,7 +6236,7 @@ ports 1035,1521,1522,1525,1574,1748,1754
match oracle-tns m|^\0.\0\0\x02\0\0\0.*TNSLSNR for ([-.+/ \w]{2,20}): Version ([-\d.]+) - Production|s p/Oracle TNS Listener/ v/$2 (for $1)/
match dbsnmp m|^\0.\0\0\x02\0\0\0.*\(IAGENT = \(AGENT_VERSION = ([\d.]+)\)\(RPC_VERSION = ([\d.]+)\)\)|s p/Oracle Intelligent Agent/ v/$1/ i/RPC v$2/
match oracle-tns m|^\0.\0\0\x02\0\0\0|s p/Oracle TNS Listener/
match oracle-dbsnmp m|^\0,\0\0\x04\0\0\0\"\0\0 \(CONNECT_DATA=\(COMMAND=version\)\)| p/Oracle DBSNMP/
match dbsnmp m|^\0,\0\0\x04\0\0\0\"\0\0 \(CONNECT_DATA=\(COMMAND=version\)\)| p/Oracle DBSNMP/
##############################NEXT PROBE##############################
Probe UDP xdmcp q|\0\x01\0\x02\0\x01\0\0|
@@ -6396,11 +6398,11 @@ match stomp m|^ERROR\nmessage:Unknown STOMP action:.+ org\.apache\.activemq\.|s
##############################NEXT PROBE##############################
# memcached, text mode protocol
Probe TCP Memcached q|stats\r\n|
# memcache, text mode protocol
Probe TCP Memcache q|stats\r\n|
rarity 8
ports 11211
match memcached m|^STAT pid (\d+)\r\nSTAT uptime (\d+)\r\n.*?STAT version ([\w_.-]+)\r\n.*?STAT curr_items (\d+)\r\nSTAT total_items (\d+)\r\nSTAT bytes (\d+)\r\n|s p/memcached/ v/$3/ i/PID $1; uptime $2 seconds; curr items: $4; total items: $5; bytes cached: $6/
match memcache m|^STAT pid (\d+)\r\nSTAT uptime (\d+)\r\n.*?STAT version ([\w_.-]+)\r\n.*?STAT curr_items (\d+)\r\nSTAT total_items (\d+)\r\nSTAT bytes (\d+)\r\n|s p/memcached/ v/$3/ i/PID $1; uptime $2 seconds; curr items: $4; total items: $5; bytes cached: $6/
##############################NEXT PROBE##############################
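Review bot: The renames `ssl/vmware-auth` → `vmware-auth/ssl` and `ssl/sophos` → `sophos/ssl` (and likewise `ssl/imap` → `imaps`, `ssl/pop3` → `pop3s`) move or drop the leading `ssl/`, which the nmap-service-probes format documents as a special prefix meaning "this service, tunnelled over SSL". If the parser keys on that prefix, as the documentation suggests, the new lines report a literal name containing `/ssl` and no longer record the tunnel, so consumers that select on service name plus tunnel will miss these hosts. I would keep the prefix and sync only the part after it, e.g. `match ssl/vmware-auth m|^220 VMware Authentication Daemon Version (\d[-.\w]+): SSL Required\r\n| p/VMware Authentication Daemon/ v/$1/`. Separately, the bulk `rpc` → `rpcbind` rename also relabels the line with `p/Amanda voicemail system/ d/telecom-misc/`, whose own comment doubts that it is RPC at all. That match should either be left out of the rename or carry a comment such as `# named rpcbind only for consistency with nmap-services; responder is a voicemail system, not a portmapper`.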


@@ -431,11 +431,11 @@ subntbcst_tftp 247/tcp #
subntbcst_tftp 247/udp #
bhfhs 248/tcp #
bhfhs 248/udp #
FW1-secureremote 256/tcp # also "rap"
fw1-secureremote 256/tcp # also "rap"
rap 256/udp #
FW1-mc-fwmodule 257/tcp # FW1 management console for communication w/modules and also secure electronic transaction (set) port
fw1-mc-fwmodule 257/tcp # FW1 management console for communication w/modules and also secure electronic transaction (set) port
set 257/udp # secure electronic transaction
Fw1-mc-gui 258/tcp # also yak winsock personal chat
fw1-mc-gui 258/tcp # also yak winsock personal chat
yak-chat 258/udp # yak winsock personal chat
esro-gen 259/tcp # efficient short remote operations
firewall1-rdp 259/udp # Firewall 1 proprietary RDP protocol http://www.inside-security.de/fw1_rdp_poc.html
@@ -448,8 +448,8 @@ arcisdms 262/udp #
hdap 263/tcp #
hdap 263/udp #
bgmp 264/tcp #
FW1-or-bgmp 264/udp # FW1 secureremote alternate
maybeFW1 265/tcp
fw1-or-bgmp 264/udp # FW1 secureremote alternate
maybe-fw1 265/tcp
http-mgmt 280/tcp #
http-mgmt 280/udp #
personal-link 281/tcp #
@@ -702,8 +702,8 @@ contentserver 454/tcp #
contentserver 454/udp #
creativepartnr 455/tcp #
creativepartnr 455/udp #
macon-tcp 456/tcp #
macon-udp 456/udp #
macon 456/tcp #
macon 456/udp #
scohelp 457/tcp #
scohelp 457/udp #
appleqtc 458/tcp # apple quick time
@@ -784,8 +784,8 @@ intecourier 495/tcp #
intecourier 495/udp #
pim-rp-disc 496/tcp #
pim-rp-disc 496/udp #
dantz 497/tcp #
dantz 497/udp #
retrospect 497/tcp #
retrospect 497/udp #
siam 498/tcp #
siam 498/udp #
iso-ill 499/tcp # ISO ILL Protocol
@@ -886,8 +886,8 @@ dhcpv6-client 546/tcp # DHCPv6 Client
dhcpv6-client 546/udp # DHCPv6 Client
dhcpv6-server 547/tcp # DHCPv6 Server
dhcpv6-server 547/udp # DHCPv6 Server
afpovertcp 548/tcp # AFP over TCP
afpovertcp 548/udp # AFP over UDP
afp 548/tcp # AFP over TCP
afp 548/udp # AFP over UDP
idfp 549/tcp #
idfp 549/udp #
new-rwho 550/tcp # new-who
@@ -1118,7 +1118,7 @@ accessbuilder 888/udp #
sun-manageconsole 898/tcp # Solaris Management Console Java listener (Solaris 8 & 9)
ftps-data 989/tcp # ftp protocol, data, over TLS/SSL
samba-swat 901/tcp # Samba SWAT tool. Also used by ISS RealSecure.
iss-realsecure-sensor 902/tcp # ISS RealSecure Sensor
iss-realsecure 902/tcp # ISS RealSecure Sensor
iss-console-mgr 903/tcp # ISS Console Manager
oftep-rpc 950/tcp # Often RPC.statd (on Redhat Linux)
rndc 953/tcp # RNDC is used by BIND 9 (& probably other NS)
@@ -1159,8 +1159,8 @@ iad3 1032/udp # BBN IAD
netinfo 1033/tcp # Netinfo is apparently on many OS X boxes.
activesync-notify 1034/udp # Windows Mobile device ActiveSync Notifications
netsaint 1040/tcp # Netsaint status daemon
boinc-client 1043/tcp # BOINC Client Control or Microsoft IIS
boinc-client 1043/udp # BOINC Client Control
boinc 1043/tcp # BOINC Client Control or Microsoft IIS
boinc 1043/udp # BOINC Client Control
java-or-OTGfileshare 1050/tcp # J2EE nameserver, also OTG, also called Disk/Application extender. Could also be MiniCommand backdoor OTGlicenseserv
nim 1058/tcp #
nim 1058/udp #
@@ -1559,7 +1559,7 @@ cichild-lm 1523/udp #
ingreslock 1524/tcp # ingres
ingreslock 1524/udp # ingres
orasrv 1525/tcp # oracle or Prospero Directory Service non-priv
orasrv 1525/udp # oracle
oracle 1525/udp # oracle
pdap-np 1526/tcp # Prospero Data Access Prot non-priv
pdap-np 1526/udp # Prospero Data Access Prot non-priv
tlisrv 1527/tcp # oracle
@@ -1660,8 +1660,8 @@ landesk-rc 1764/tcp # LANDesk Remote Control
radius 1812/udp # RADIUS authentication protocol (RFC 2138)
radacct 1813/udp # RADIUS accounting protocol (RFC 2139)
pcm 1827/tcp # PCM Agent (AutoSecure Policy Compliance Manager
UPnP 1900/tcp # Universal PnP
UPnP 1900/udp # Universal PnP
upnp 1900/tcp # Universal PnP
upnp 1900/udp # Universal PnP
rtmp 1935/tcp # Macromedia FlasComm Server
bigbrother 1984/tcp # Big Brother monitoring server - www.bb4.com
licensedaemon 1986/tcp # cisco license management
@@ -1698,7 +1698,7 @@ dc 2001/tcp # or nfr20 web queries
wizard 2001/udp # curry
globe 2002/tcp #
globe 2002/udp #
cfingerd 2003/tcp # GNU finger
finger 2003/tcp # GNU finger (cfingerd)
mailbox 2004/tcp #
emce 2004/udp # CCWS mm conf
deslogin 2005/tcp # encrypted symmetric telnet/login
@@ -1843,14 +1843,14 @@ wap-push 2948/udp # Windows Mobile devices often have this
symantec-av 2967/udp # Symantec AntiVirus (rtvscan.exe)
iss-realsec 2998/tcp # ISS RealSecure IDS Remote Console Admin port
ppp 3000/tcp # User-level ppp daemon, or chili!soft asp
nessusd 3001/tcp # Nessus Security Scanner (www.nessus.org) Daemon or chili!soft asp
nessus 3001/tcp # Nessus Security Scanner (www.nessus.org) Daemon or chili!soft asp
deslogin 3005/tcp # encrypted symmetric telnet/login
deslogind 3006/tcp #
slnp 3025/tcp # SLNP (Simple Library Network Protocol) by Sisis Informationssysteme GmbH
slnp 3045/tcp # SLNP (Simple Library Network Protocol) by Sisis Informationssysteme GmbH
cfs 3049/tcp # cryptographic file system (nfs) (proposed)
cfs 3049/udp # cryptographic file system (nfs)
PowerChute 3052/tcp
powerchute 3052/tcp
dnet-tstproxy 3064/tcp # distributed.net (a closed source crypto-cracking project) proxy test port
sj3 3086/tcp # SJ3 (kanji input)
squid-http 3128/tcp #
@@ -1932,10 +1932,10 @@ rfa 4672/tcp # remote file access server
rfa 4672/udp # remote file access server
squid-htcp 4827/udp # Squid proxy HTCP port
radmin 4899/tcp # Radmin (www.radmin.com) remote PC control software
maybeveritas 4987/tcp #
maybeveritas 4998/tcp #
UPnP 5000/tcp # Universal PnP, also Free Internet Chess Server
UPnP 5000/udp # also complex-main
maybe-veritas 4987/tcp #
maybe-veritas 4998/tcp #
upnp 5000/tcp # Universal PnP, also Free Internet Chess Server
upnp 5000/udp # also complex-main
commplex-link 5001/tcp #
commplex-link 5001/udp #
rfe 5002/tcp # Radio Free Ethernet
@@ -1986,7 +1986,7 @@ pcduo-old 5400/tcp # RemCon PC-Duo - old port
pcduo 5405/tcp # RemCon PC-Duo - new port
omid 5428/udp # OpenMosix Info Dissemination
connect-proxy 5490/tcp # Many HTTP CONNECT proxies
postgres 5432/tcp # postgres database server
postgresql 5432/tcp # PostgreSQL database server
hotline 5500/tcp # Hotline file sharing client/server
securid 5500/udp # SecurID
secureidprop 5510/tcp # ACE/Server services
@@ -2039,7 +2039,7 @@ X11:8 6008/tcp # X Window server
X11:9 6009/tcp # X Window server
xmail-ctrl 6017/tcp # XMail CTRL server
arcserve 6050/tcp # ARCserve agent
VeritasBackupExec 6101/tcp # Backup Exec UNIX and 95/98/ME Aent
backupexec 6101/tcp # Backup Exec UNIX and 95/98/ME Aent
RETS-or-BackupExec 6103/tcp # Backup Exec Agent Accelerator and Remote Agent also sql server and cisco works blue
isdninfo 6105/tcp # isdninfo
isdninfo 6106/tcp # i4lmond
@@ -2073,9 +2073,9 @@ crystalreports 6400/tcp # Seagate Crystal Reports
crystalenterprise 6401/tcp # Seagate Crystal Enterprise
mythtv 6543/tcp
mythtv 6544/tcp
PowerChutePLUS 6547/tcp #
PowerChutePLUS 6548/tcp #
PowerChutePLUS 6549/udp #
powerchuteplus 6547/tcp #
powerchuteplus 6548/tcp #
powerchuteplus 6549/udp #
netop-rc 6502/tcp # NetOp Remote Control (by Danware Data A/S)
netop-rc 6502/udp # NetOp Remote Control (by Danware Data A/S)
xdsxdm 6558/tcp #
@@ -2090,7 +2090,7 @@ irc 6669/tcp # Internet Relay Chat
irc 6670/tcp # Internet Relay Chat
carracho 6700/tcp # Carracho file sharing
carracho 6701/tcp # Carracho file sharing
bittorent-tracker 6881/tcp # BitTorrent tracker
bittorrent-tracker 6881/tcp # BitTorrent tracker
acmsoda 6969/tcp #
acmsoda 6969/udp #
napster 6699/tcp # Napster File (MP3) sharing software
@@ -2148,9 +2148,9 @@ https-alt 8443/tcp # Common alternative https port
apple-iphoto 8770/tcp # Apple iPhoto sharing
sun-answerbook 8888/tcp # Sun Answerbook HTTP server. Or gnump3d streaming music server
seosload 8892/tcp # From the new Computer Associates eTrust ACX
tor-transport 9040/tcp # Tor TransPort, www.torproject.org
tor-socksport 9050/tcp # Tor SocksPort, www.torproject.org
tor-controlport 9051/tcp # Tor ControlPort, www.torproject.org
tor-trans 9040/tcp # Tor TransPort, www.torproject.org
tor-socks 9050/tcp # Tor SocksPort, www.torproject.org
tor-control 9051/tcp # Tor ControlPort, www.torproject.org
zeus-admin 9090/tcp # Zeus admin server
jetdirect 9100/tcp # HP JetDirect card
jetdirect 9101/tcp # HP JetDirect card
@@ -2176,28 +2176,28 @@ amandaidx 10082/tcp # Amanda indexing
amidxtape 10083/tcp # Amanda tape indexing
pksd 11371/tcp # PGP Public Key Server
cce4x 12000/tcp # ClearCommerce Engine 4.x (www.clearcommerce.com)
NetBus 12345/tcp # NetBus backdoor trojan or Trend Micro Office Scan
NetBus 12346/tcp # NetBus backdoor trojan
VeritasNetbackup 13701/tcp # vmd server
VeritasNetbackup 13702/tcp # ascd server
VeritasNetbackup 13705/tcp # tl8cd server
VeritasNetbackup 13706/tcp # odld server
VeritasNetbackup 13708/tcp # vtlcd server
VeritasNetbackup 13709/tcp # ts8d server
VeritasNetbackup 13710/tcp # tc8d server
VeritasNetbackup 13711/tcp # server
VeritasNetbackup 13712/tcp # tc4d server
VeritasNetbackup 13713/tcp # tl4d server
VeritasNetbackup 13714/tcp # tsdd server
VeritasNetbackup 13715/tcp # tshd server
VeritasNetbackup 13716/tcp # tlmd server
VeritasNetbackup 13717/tcp # tlhcd server
VeritasNetbackup 13718/tcp # lmfcd server
VeritasNetbackup 13720/tcp # bprd server
VeritasNetbackup 13721/tcp # bpdbm server
VeritasNetbackup 13722/tcp # bpjava-msvc client
VeritasNetbackup 13782/tcp # bpcd client
VeritasNetbackup 13783/tcp # vopied client
netbus 12345/tcp # NetBus backdoor trojan or Trend Micro Office Scan
netbus 12346/tcp # NetBus backdoor trojan
netbackup 13701/tcp # vmd server
netbackup 13702/tcp # ascd server
netbackup 13705/tcp # tl8cd server
netbackup 13706/tcp # odld server
netbackup 13708/tcp # vtlcd server
netbackup 13709/tcp # ts8d server
netbackup 13710/tcp # tc8d server
netbackup 13711/tcp # server
netbackup 13712/tcp # tc4d server
netbackup 13713/tcp # tl4d server
netbackup 13714/tcp # tsdd server
netbackup 13715/tcp # tshd server
netbackup 13716/tcp # tlmd server
netbackup 13717/tcp # tlhcd server
netbackup 13718/tcp # lmfcd server
netbackup 13720/tcp # bprd server
netbackup 13721/tcp # bpdbm server
netbackup 13722/tcp # bpjava-msvc client
netbackup 13782/tcp # bpcd client
netbackup 13783/tcp # vopied client
bo2k 14141/tcp # Back Orifice 2K BoPeep mouse/keyboard input
bo2k 15151/tcp # Back Orifice 2K BoPeep video output
swgps 15126/tcp # Nortel Java S/WGPS Global Payment Solutions for US credit card authorizations
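Review bot: Nothing in the file records that `netbus` and `netbackup` were spelled `NetBus` and `VeritasNetbackup` before this change. A filter, report template or saved-scan search that matches the old spelling of the service column will presumably stop matching, without raising any error. That matters most for the 12345/12346 rows, because their label is what an analyst would search for when triaging a possible NetBus backdoor. I would add a comment line above the renamed rows, for example `# 12345-12346 were "NetBus" and 13701-13783 "VeritasNetbackup" before the 2008-04 name sync`, or make sure the changelog carries the old-to-new mapping. The same applies to the other renamed rows on this page (`upnp`, `postgresql`, `backupexec`, the `tor-*` and `opsec-*` rows, `boinc`).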
@@ -2211,13 +2211,13 @@ wdbrpc 17185/udp # vxWorks WDB remote debugging ONCRPC
kuang2 17300/tcp # Kuang2 backdoor
biimenu 18000/tcp # Beckman Instruments, Inc.
biimenu 18000/udp # Beckman Instruments, Inc.
opsec_cvp 18181/tcp # Check Point OPSEC
opsec_ufp 18182/tcp # Check Point OPSEC
opsec_sam 18183/tcp # Check Point OPSEC
opsec_lea 18184/tcp # Check Point OPSEC
opsec_omi 18185/tcp # Check Point OPSEC
opsec_ela 18187/tcp # Check Point OPSEC
gkrellmd 19150/tcp # GKrellM remote system activity meter daemon
opsec-cvp 18181/tcp # Check Point OPSEC
opsec-ufp 18182/tcp # Check Point OPSEC
opsec-sam 18183/tcp # Check Point OPSEC
opsec-lea 18184/tcp # Check Point OPSEC
opsec-omi 18185/tcp # Check Point OPSEC
opsec-ela 18187/tcp # Check Point OPSEC
gkrellm 19150/tcp # GKrellM remote system activity meter daemon
btx 20005/tcp # xcept4 (Interacts with German Telekom's CEPT videotext service)
wnn6 22273/tcp # Wnn6 (Japanese input)
wnn6_Cn 22289/tcp # Wnn6 (Chinese input)
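Review bot: The `opsec_*` rows move to lowercase with hyphens, but `wnn6_Cn` at the end of this hunk keeps both an underscore and a capital, so the convention is applied unevenly within the hunk. If the aim is one spelling rule for the whole table, that row would read `wnn6-cn 22289/tcp # Wnn6 (Chinese input)`. `RETS-or-BackupExec` in the 6101 hunk and `Trinoo_Register`, `BackOrifice` and `Elite` in the 31337 hunk are in the same position. If they were left alone on purpose, for instance because nmap-service-probes has no matching name, a one-line comment saying so would keep the next sync from second-guessing them.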
@@ -2251,7 +2251,7 @@ heretic2 28910/udp # Heretic 2 game server
Trinoo_Register 31335/udp # Trinoo distributed attack tool Bcast Daemon registration port
BackOrifice 31337/udp # cDc Back Orifice remote admin tool
Elite 31337/tcp # Sometimes interesting stuff can be found here
boinc-client 31416/tcp # BOINC Client Control
boinc 31416/tcp # BOINC Client Control
omad 32768/udp # OpenMosix Autodiscovery Daemon
sometimes-rpc3 32770/tcp # Sometimes an RPC port on my Solaris box
sometimes-rpc4 32770/udp # Sometimes an RPC port on my Solaris box