diff --git a/nmap-service-probes b/nmap-service-probes index 6532ad53f..d8a0f618c 100644 --- a/nmap-service-probes +++ b/nmap-service-probes @@ -42,6 +42,11 @@ Probe TCP NULL q|| totalwaitms 6000 match acap m|^\* ACAP \(IMPLEMENTATION \"CommuniGate Pro ACAP (\d[-.\w]+)\"\) | p/CommuniGate Pro ACAP server/ i/for mail client preference sharing/ v/$1/ match activemq m|^\0\0\0\xae\x01ActiveMQ\0\0\0| p/Apache ActiveMQ/ + +# Microsoft ActiveSync Version 3.7 Build 3083 (It's used for syncing +# my ipaq it disapears when you remove the ipaq.) +match activesync m|^.\0\x01\0[^\0]\0[^\0]\0[^\0]\0[^\0]\0[^\0]\0.*\0\0\0$|s p/Microsoft ActiveSync/ o/Windows/ + # Ad-Aware SE Enterprise Edition 2005/Ad-Axis Client 1.0 match adaware m|^IceP\x01\0\x01\0\x03\0\x0e\0\0\0| p/Lavasoft Ad-Aware SE Enterprise/ # AMANDA index server 2.4.2p2 on Linux 2.4 @@ -84,7 +89,7 @@ match backdoor m|^220 CAFEiNi [-\w_.]+ FTP server\r\n$| p/CAFEiNi trojan/ i/**BA match bf2rcon m|^### Battlefield 2 ModManager Rcon v([\d.]+)\.\n### Digest seed: \w+\n\n| p/Battlefield 2 ModManager Remote Console/ v/$1/ # Bittorrent Client 3.2.1b on Linux 2.4.X -match bittorent m|^\x13BitTorrent protocol\0\0\0\0\0\0\0\0| p/Bittorrent P2P client/ +match bittorrent m|^\x13BitTorrent protocol\0\0\0\0\0\0\0\0| p/Bittorrent P2P client/ # BMC Software Patrol Agent 3.45 and HP Patrol Agent match softwarepatrol m|^\0\0\0\x17i\x02\x03..\0\x05\x02\0\x04\x02\x04\x03..\0\x03\x04\0\0\0|s p|BMC/HP Software Patrol Agent| match scmbug m|^SCMBUG-SERVER RELEASE_([-\w_.]+) \d+\n| p/Scmbug bugtracker/ v/$1/ 
@@ -113,7 +118,7 @@ match chargen m|^The quick brown fox jumps over the lazy dog\. 1234567890\r\n| p match chat m|^WebStart Chat Service Established\.\.\.\r\n\(C\) 2000-\d+ R Gabriel all Rights Reserved\r\n| p/WebStart Chat Service/ match chat m|^\*\x01..\0\x04\0\0\0\x01$|s p/AIM or ICQ server/ -match chat-ctl m|^InfoChat Server v([\d.]+) Remote Control ready\n\r| p/InfoChat Remote Control/ v/$1/ +match chat-ctrl m|^InfoChat Server v([\d.]+) Remote Control ready\n\r| p/InfoChat Remote Control/ v/$1/ match chess m=^\n\r _ __ __ __ \n\r \| \| / /__ / /________ ____ ___ ___ / /_____ \n\r \| \| /\| / / _ \\/ / ___/ __ \\/ __ `__ \\/ _ \\ / __/ __ \\\n\r= p/Lasker Internet Chess server/ # Citrix, Metaframe XP on Windows match citrix-ica m|^\x7f\x7fICA\0\x7f\x7fICA\0| p/Citrix Metaframe XP ICA/ o/Windows/ @@ -180,7 +185,7 @@ match dict m|^220 hello <> msg\r\n$| p/Serpento dictd/ match directconnect m/^\$MyNick ([-.\w]+)|\$Lock/ p/Direct Connect P2P/ i/User: $1/ o/Windows/ match directconnect m|^\r\nDConnect Daemon v([\d.]+)\r\nlogin: | p/Direct Connect P2P/ v/$1/ o/Windows/ -match directconenct m= Your IP is temporarily banned for (\d+) minutes\.\|= p/Shadows DirectConnect hub/ i/Banned for $1 minutes/ +match directconnect m= Your IP is temporarily banned for (\d+) minutes\.\|= p/Shadows DirectConnect hub/ i/Banned for $1 minutes/ match directconnect m= You are being banned for (\d+) minutes \(by SDCH Anti Hammering\)\.\|= p/Shadows DirectConnect hub/ i/Banned for $1 minutes/ match directconnect m= You are being redirected to ([\d.]+)\|\$ForceMove [\d.]+\|= p/PtokaX directconnect hub/ i/Redirected to $1/ match directconnect-admin m=^\r\nOpen DC Hub, version ([\d.]+), administrators port\.\r\nAll commands begin with '\$' and end with '\|'\.\r\nPlease supply administrators passord\.\r\n= p/OpenDCHub directconenct hub admin port/ v/$1/ o/Unix/ 
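Review bot: The `directconnect-admin` context line at the end of the @@ -180 hunk still carries the misspelling that this commit fixes in the service name; its product string reads `p/OpenDCHub directconenct hub admin port/`. Product strings end up in scan reports and asset inventories that people search by name, so I would correct it in the same pass to `p/OpenDCHub directconnect hub admin port/`. Leave `passord` inside the pattern alone unless a captured banner shows otherwise, since it presumably mirrors what the server actually sends.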
@@ -930,10 +935,10 @@ match issc m|^\rYou do not have permission to connect to the builder port\.\r\nT # ISS RealSecure ServerSensor 7.0 on Windows 2000 Server # ISS RealSecure Server Sensor 6.0 on Windows NT 4.0 Server SP6a # ISS RealSecure Server Sensor 7.0 issdaemon on Microsoft Windows NT Workstation with SP6a -match issrealsecure m|^\0\0\0.\x08\x01\x03\x01\0.\x02\0\0..\0\0.\0\0\0..\0\0\x80\x04..\0.\0\xa0|s p/ISS RealSecure IDS/ o/Windows/ -match issrealsecure m|^\0\0\0.\x08\x01\x04\x01\0..\0\0..\0\0.\0\0\0..\0\0\x80\x04..\0.\0\xa0\0\0|s p/ISS RealSecure IDS ServerSensor/ v/6.0 - 7.0/ o/Windows/ +match iss-realsecure m|^\0\0\0.\x08\x01\x03\x01\0.\x02\0\0..\0\0.\0\0\0..\0\0\x80\x04..\0.\0\xa0|s p/ISS RealSecure IDS/ o/Windows/ +match iss-realsecure m|^\0\0\0.\x08\x01\x04\x01\0..\0\0..\0\0.\0\0\0..\0\0\x80\x04..\0.\0\xa0\0\0|s p/ISS RealSecure IDS ServerSensor/ v/6.0 - 7.0/ o/Windows/ # I've only seen 1 example of the following. Probably not general enough -match issrealsecure m|^\0\0\x01/\x08\x01\x03\x01\x01'\x04\0\0\0\x18\0\0\xa4\0\0\0f\x02\0\0\x80\x04\x06\0\0\x80\0\xa05Microsoft Enhanced RSA and AES Cryptographic Provider|s p/ISS Realsecure Workgroup Manager/ o/Windows/ +match iss-realsecure m|^\0\0\x01/\x08\x01\x03\x01\x01'\x04\0\0\0\x18\0\0\xa4\0\0\0f\x02\0\0\x80\x04\x06\0\0\x80\0\xa05Microsoft Enhanced RSA and AES Cryptographic Provider|s p/ISS Realsecure Workgroup Manager/ o/Windows/ match ixia-unknown m|^Enter port cpu supported card port number and hit Enter\. For example \"3 4\"\r\n| p/IXIA 400T traffic QA/ match ixia-unknown m|^.*\0\x18Ixia Hardware I/O Server\x13Ixia Communications\x18Ixia Hardware I/O Server\x0b([\d.]+)|s p/IXIA 400T traffic QA/ 
@@ -1005,10 +1010,6 @@ match donkey m|^HTTP/1\.1 404 Not Found\r\nDate: .*\r\nServer: eserver ([\d.]+)\ # Monopoly game server match monopd m|^.*\n| p/monopd/ v/$1/ o/Unix/ -# Microsoft ActiveSync Version 3.7 Build 3083 (It's used for syncing -# my ipaq it disapears when you remove the ipaq.) -match msactivesync m|^.\0\x01\0[^\0]\0[^\0]\0[^\0]\0[^\0]\0[^\0]\0.*\0\0\0$|s p/Microsoft ActiveSync/ o/Windows/ - match mud m|^\n\r\xff\xfbUDo you want ANSI color\? \(Y/n\) $| p|ROM-based MUD| i|http://rrp.rom.org/| match mysql m/^.\0\0\0\xff.\x04.*Host .* is not allowed to connect to this MySQL server$/s p/MySQL/ i/unauthorized/ @@ -2470,7 +2471,7 @@ match telnet-proxy m|^\r\n\r\nEnter computer name to connect to\.\r\ne\.g\. \"Ne match telnet-proxy m|^\xff\xfc\x01\xff\xfd\"ixProxy V([\d.]+), Copyright \(C\) \d+ Ixia Communications\r\nEnter target port ip address as login name \(example: 10\.0\.1\.1\)\r\nlogin:| p/Ixia ixProxy telnet proxy/ match telnet-proxy m|^\xff\xfb\x01\xff\xfb\x03Blue Coat Shell proxy\r\nShell-proxy>| p/Blue Coat Shell proxy/ o/SGOS/ -match telnet-ssl m|^\xff\xfd.$| p|telnetd-ssl/GNU Gatekeeper| +match telnets m|^\xff\xfd.$| p|telnetd-ssl/GNU Gatekeeper| # tinc 1.0.2-2 on Linux match tinc m|^0 \w+ 17\n| p/tinc vpn daemon/ 
@@ -2500,9 +2501,9 @@ match keriopfgui m|^\x12\0\r\0\x03\0\0\0\0\x02\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0 # Tiny Personal Firewall 2.0 # Kerio Personal Firewall, Firewall engine version 2.1.5 Driver version 3.0.0 on WinXP match tinyfw m|^\x0f\0\n\0\x01\0\0\0\0\x02\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0| p/Kerio Personal Firewall/ v/2.1.X/ i/or Tiny Personal Firewall/ -match ssl/vmware-auth m|^220 VMware Authentication Daemon Version (\d[-.\w]+): SSL Required\r\n| p/VMware Authentication Daemon/ v/$1/ -match ssl/vmware-auth m|^220 VMware Authentication Daemon Version (\d[-.\w]+): SSL [rR]equired, MKSDisplayProtocol:VNC \r\n| p/VMware GSX Authentication Daemon/ v/$1/ i/Uses VNC/ -match ssl/vmware-auth m|^220 VMware Authentication Daemon Version (\d[-.\w]+): SSL Required, ServerDaemonProtocol:SOAP, MKSDisplayProtocol:VNC| p/VMware GSX Authentication Daemon/ v/$1/ i/Uses VNC, SOAP/ +match vmware-auth/ssl m|^220 VMware Authentication Daemon Version (\d[-.\w]+): SSL Required\r\n| p/VMware Authentication Daemon/ v/$1/ +match vmware-auth/ssl m|^220 VMware Authentication Daemon Version (\d[-.\w]+): SSL [rR]equired, MKSDisplayProtocol:VNC \r\n| p/VMware GSX Authentication Daemon/ v/$1/ i/Uses VNC/ +match vmware-auth/ssl m|^220 VMware Authentication Daemon Version (\d[-.\w]+): SSL Required, ServerDaemonProtocol:SOAP, MKSDisplayProtocol:VNC| p/VMware GSX Authentication Daemon/ v/$1/ i/Uses VNC, SOAP/ match vnc m|^RFB 003\.00(\d)\n$| p/VNC/ i/protocol 3.$1/ match vnc m|^RFB 003\.00(\d)\n\0\0\0\0\0\0\0\x1aToo many security failures$| p/VNC/ i/protocol 3.$1; Locked out/ 
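Review bot: Moving `ssl` from prefix to suffix on the three `vmware-auth` lines probably stops it from being read as a tunnel marker. As far as I know, the probes-file format special-cases a leading `ssl/` on the service name (the service is recorded as `vmware-auth` tunnelled over SSL), and nothing in this diff teaches the parser a trailing `/ssl`, so these would be reported under the literal name `vmware-auth/ssl` with no tunnel set. The same applies to the `sophos/ssl` lines in the @@ -5744 hunk, and `ssl/imap` → `imaps` and `ssl/pop3` → `pop3s` also drop the tunnel information while following a different convention. Unless the parser changes in a companion commit, I would keep `match ssl/vmware-auth …` and `match ssl/sophos …` as they were, because scripts and report consumers that select on service name plus tunnel would otherwise miss these hosts.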
@@ -2533,8 +2534,8 @@ match xbmsp m|^XBMSP-1\.0 1\.0 Media File XStream Server \n| p/Media File XStrea match xinetd m=^([-\w_.]+ (tcp|udp) \d{1,5}\n)+= p/xinetd service display/ o/Unix/ # XFCE Desktop Version 3.99.4 From Gentoo 1.4 Ebuild on Linux 2.4.6 match xfce-session m|^\0\x01\0.\0\0\0\0$|s p/XFCE Session Manager/ -match xmailctl m|^\+\d+ <[\d.]+@[\d.]+> XMail ([\d.]+) \(Linux/Ix86\) CTRL Server; .*\r\n| p/XMail CTRL Server/ v/$1/ o/Linux/ -match xmailctl m|^\+\d+ <[\d.]+@[\d.]+> XMail ([\d.]+) CTRL Server; .*\r\n| p/XMail CTRL Server/ v/$1/ +match xmail-ctrl m|^\+\d+ <[\d.]+@[\d.]+> XMail ([\d.]+) \(Linux/Ix86\) CTRL Server; .*\r\n| p/XMail CTRL Server/ v/$1/ o/Linux/ +match xmail-ctrl m|^\+\d+ <[\d.]+@[\d.]+> XMail ([\d.]+) CTRL Server; .*\r\n| p/XMail CTRL Server/ v/$1/ match xmbmon m|^TEMP0 +: +[\d.]+\nTEMP1 +: +[\d.]+\nTEMP2 +: +[\d.]+\nFAN0 +: +[\d.]+\nFAN1 +: +[\d.]+\nFAN2 +: +[\d.]+\n| p/Mother Board Monitor/ # Right now once a softmatch triggers, only match lines with the same @@ -2578,7 +2579,7 @@ match osiris m|^\x80[=+:]\x01\x03\x01\0.\0\0\0\x10\0|s p/osiris host IDS agent/ match svnserve m|^\( success \( \d \d \( ANONYMOUS \) \( | p/Subversion/ -match icecreamd m|^[\x14-\x1f]\0\0\0$| p/icecreamd/ +match icecream m|^[\x14-\x1f]\0\0\0$| p/icecreamd/ match apc-agent m|^\xac\xed\0\x05$| p/APC PowerChute agent/ d/power-device/ # OpenH323 Gatekeeper 2.0.3 match afs3-fileserver m|^\xff\xfd\x03\xff\xfb\x05.*Version:\r\nGatekeeper\(GNU\) Version\(([\d.]+)\) Ext\(.*\) Build\(.*\) Sys\(Linux .*\)\r\n| p/OpenH323 Gatekeeper/ v/$1/ o/Linux/ 
@@ -2587,7 +2588,7 @@ match wingate-control m|^.\x01.[\x02\x03]\x01\d+\0$|s p/WinGate Administration/ # Wingate redir: Probably not general enough match wingate m|^\0\n\0\0\x02\0\0\0\x01\0$| p/WinGate transparent redirection/ o/Windows/ match mail-admin m|^OK0100 eXtremail V([\d.]+) release (\d+) REMote management \.\.\.\r\n| p/eXtremail remote management/ v/$1 release $2/ -match pppd m|^SuSE Meta pppd \(smpppd\), Version ([\d.]+)\r\n| p/SuSE Meta pppd/ v/$1/ o/Linux/ +match ppp m|^SuSE Meta pppd \(smpppd\), Version ([\d.]+)\r\n| p/SuSE Meta pppd/ v/$1/ o/Linux/ match pppctl m|^PPP on ([-\w_.]+)> | p/pppctld/ h/$1/ match honeypot m|^503 Service Unavailable\r\n\r\n\0$| p/Network Flight Recorder BackOfficer Friendly honeypot/ @@ -2611,7 +2612,7 @@ match access-remote-pc m|^\x99\xf3\0\0\0\0\0\0\xff\xff\xff\xff$| p/Access Remote match biff m|^Message received\n$| p/NotifyMail biffd/ match biff m|^Use of uninitialized value in transliteration \(tr///\) at /var/jchkmail/user-filter| p/Joe's j-chkmail biffd/ -match bitdefender-ctl m|^\(null\) 500 Internal Error\n\(null\) 500 Internal Error\n$| p/Bitdefender Remote Admin Console/ o/Windows/ +match bitdefender-ctrl m|^\(null\) 500 Internal Error\n\(null\) 500 Internal Error\n$| p/Bitdefender Remote Admin Console/ o/Windows/ match bittorrent-tracker m|^This is not a rootkit or other backdoor, it's a BitTorrent\r\nclient\. Really\.| p/Transmission bittorrent tracker/ @@ -2698,7 +2699,7 @@ match ftp m|^220 Ready\r\n502 Not implemented\r\n$| p/Global Cache GC-100 ftpd/ match flashconnect m|^FlashCONNECT ([\d.]+) invalid message\.\n$| p/Raining Data FlashCONNECT/ v/$1/ -match fw1-topo m|^Q\0\0\0$| p/Checkpoint FW-1 Topology download/ d/firewall/ +match fw1-topology m|^Q\0\0\0$| p/Checkpoint FW-1 Topology download/ d/firewall/ # GKrellM System Monitor 2.1.15 on Linux match gkrellm m|^\nBad connect string!| p/GKrellM System Monitor/ 
@@ -2989,14 +2990,13 @@ sslports 443 # Kerio PF 4.0.11 unregistered - Service process (Port 44xxx?) on MS W2K SP4+ match keriopfservice m|^(HTTP/1\.0) 200 OK\r\nServer: Kerio Personal Firewall\r\n| p/Kerio PF 4 Service/ i/$1/ -match backupexecra m|^\xf6\xff\xff\xff\x10\0\0\0\0\0\0\0\0\0\0\0$| p/Veritas BackupExec Remote Agent/ +match backupexec-remote m|^\xf6\xff\xff\xff\x10\0\0\0\0\0\0\0\0\0\0\0$| p/Veritas BackupExec Remote Agent/ match backdoor m|^:[-\w_.]+ 451 GET :\r\n| p/**BACKDOOR**/ o/Windows/ match bittorrent m|^Nice try\.\.\.\r\n$| p/Transmission Bittorrent client/ match csta m|^\r\n\r\nCSTA-Mono Server Home Page \r\n| p/Alcatel OmniPCX Enterprise/ d/PBX/ -match dantzretrospect m|^\0\xca\0\0\0\0\0\x04\0\0\0\0$| p/Dantz Retrospect/ v/6.0/ match dnet-keyproxy m|^HTTP/1\.0 302 Found\r\nLocation: http://www\.distributed\.net/\r\n\r\n$| p/Distributed.Net HTTP Keyproxy/ # Digital UNIX 5.6 @@ -4744,7 +4744,7 @@ match imap m|^\* OK ([-.+\w]+) IMAP4rev1 v1(\d[-.\w]+) server ready\r\n| p/UW-Im # gnu/mailutils imap4d 0.3.2 on Linux match imap m|^\* OK IMAP4rev1\r\nGET BAD Invalid command\r\n\* BAD Null command\r\n$| p/GNU Mailutils imapd/ # Cyrus IMAP 2.1.14 -match ssl/imap m|^\* BYE Fatal error: tls_start_servertls\(\) failed\r\n$| p/Cyrus imapd/ +match imaps m|^\* BYE Fatal error: tls_start_servertls\(\) failed\r\n$| p/Cyrus imapd/ match imap m|^\* OK ([-\w_.]+)\r\nGET BAD Error in IMAP command received by server\.\r\n\* BAD Error in IMAP command received by server\.\r\n| p/Dovecot imapd/ h/$1/ match imap m|^\* OK IMAP4 IMAP4rev1 Server\r\nGET BAD Unrecognised Command\r\n| p/Floosietek FTgate imapd/ match imap m|^\* OK IMAP4r1 server \[([-\w_.]+)\] ready\r\nGET BAD Protocol Error: \"Unidentifiable command specified\"\.\r\n\* BAD Protocol Error: \"Tag not found in command\"\.\r\n| p/Microsoft Exchange imapd/ h/$1/ i/Version masked/ o/Windows/ 
@@ -4818,14 +4818,15 @@ match giop m|^GIOP\x01\0\x01\x06\0\0\0\0$| p/omniORB omniNames/ i/Corba naming s # Oracle MTS Recovery Service 9.2.0.1 on Windows 2000 Professional match oracle-mts m|^HTTP/1\.0 200 OK\r\nContent-length: 7\r\n\r\nunknown$| p/Oracle MTS Recovery Service/ -match ssl/pop3 m|^-ERR \[SYS/PERM\] Fatal error: tls_start_servertls\(\) failed\r\n$| p/Cyrus pop3sd/ -match ssl/pop3 m|^-ERR Fatal error: pop3s: required OpenSSL options not present\r\n| p/Cyrus pop3sd/ +match pop3s m|^-ERR \[SYS/PERM\] Fatal error: tls_start_servertls\(\) failed\r\n$| p/Cyrus pop3sd/ +match pop3s m|^-ERR Fatal error: pop3s: required OpenSSL options not present\r\n| p/Cyrus pop3sd/ # Postgresql-server-7.3.2-3 match postgresql m|^EFATAL: invalid length of startup packet\n\0$| p/PostgreSQL/ match postgrey m|^action=dunno\n\n$| p/Postfix Greylist Daemon/ match powerchute m|^server=&type=0&id=&count=1&oid=[\d.]+&value=&error=4\n| p/APC Powerchute/ d/power-device/ match rendezvous m|^HTTP/1\.1 400 Bad Request\r\nDate: .*\r\nDAAP-Server: iTunes/(\d[-.\w]+) \((.*)\)\r\n| p/Apple iTunes/ v/$1/ o/$2/ +match retrospect m|^\0\xca\0\0\0\0\0\x04\0\0\0\0$| p/Dantz Retrospect/ v/6.0/ match rfidquery m|^Error 0 parse error\n\nError 0 parse error\n\nError 0 parse error\n\nError 0 parse error\n\nError 0 parse error\n\nError 0 parse error\n\nError 0 parse error\n\n$| p/Mercury3 RFID Query protocol/ match rtsp m|^RTSP/1.0 400 Bad Request\r\nServer: DSS/([-.\w]+) \[(v\d+)]-(\w+)\r\n| p/DarwinStreamingServer/ v/$1/ i/$2 on $3/ match rtsp m|^RTSP/1\.0 400 Bad Request\r\nServer: QTSS/(\d[\d.]+ \[v\d+\]-Win32)\r\nCseq: \r\n| p/Apple QuickTime Streaming Server/ v/$1/ o/Windows/ @@ -4868,7 +4869,7 @@ match sip m|^SIP/2\.0 400 Illegal request line\r\nFrom: \r\nTo: \nft_StUfF_keyOK\nER\n$| p/Festival Speech Synthesis System/ @@ -5052,7 +5053,7 @@ match http m|^HTTP/1\.0 400\r\nContent-Type: text/html\r\n\r\n

Service unavailable

\n| p/HTTP Replicator proxy/ -match policyd m|^action=defer_if_permit Policy Rejection: Invalid data\n\n$| p/Postfix mail policyd/ +match policy m|^action=defer_if_permit Policy Rejection: Invalid data\n\n$| p/Postfix mail policyd/ match tgcmd m|^\d+ \d+ \d+,Invalid command\.\n$| p/tgcmd.exe support daemon/ o/Windows/ @@ -5105,10 +5106,10 @@ ports 81,111,199,514,544,710,711,1433,2049,4045,4999,7000,32750-32810,38978 # Microsoft SQLServer 6.5 on WinNT 4.0 SP6a # Microsoft SQL Server 6.5 on WinNT 4.0 match ms-sql-s m|^\x04\x01\0C..\0\0\xaa\0\0\0/\x0f\xa2\x01\x0e.. Login failed\r\n\x14Microsoft SQL Server\0\0\0\xfd\0\xfd\0\0\0\0\0\x02$|s p/Microsoft SQLServer/ v/6.5/ o/Windows/ -match rpc m|^\x80\0\0\x18\x72\xFE\x1D\x13\0\0\0\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x01| -match rpc m|^\x80\0\0\x20\x72\xFE\x1D\x13\0\0\0\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x02| -match rpc m|^\x80\0\0\x14r\xfe\x1d\x13\0\0\0\x01\0\0\0\x01\0\0\0\x01\0\0\0\x05| -match rpc m|^\x80\0\0\x18r\xfe\x1d\x13\0\0\0\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0| +match rpcbind m|^\x80\0\0\x18\x72\xFE\x1D\x13\0\0\0\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x01| +match rpcbind m|^\x80\0\0\x20\x72\xFE\x1D\x13\0\0\0\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x02| +match rpcbind m|^\x80\0\0\x14r\xfe\x1d\x13\0\0\0\x01\0\0\0\x01\0\0\0\x01\0\0\0\x05| +match rpcbind m|^\x80\0\0\x18r\xfe\x1d\x13\0\0\0\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0| match raid-mon m|^\0 \0.{4}C\x04\0\0\0\x02\\@| p/Promise RAID array monitor/ v/3.X/ match raid-mon m|^\0 \0.{4}D\x04\0\0\0\x02\\@| p/Promise RAID array monitor/ v/4.X/ match raid-mon m|^\x02 \0.{4}G\x04\0\0\0\x02\\@| p/Promise RAID array monitor/ 
@@ -5133,8 +5134,8 @@ rarity 1 ports 17,88,111,500,517,518,2427,4045,10080,12203,27960,32750-32810,38978 match amanda m|^Amanda ([\d.]+) NAK HANDLE SEQ 0\nERROR expected \"Amanda\", got \"r\xfe\x1d\x13\"\n| p/Amanda backup service/ v/$1/ o/Unix/ -match rpc m|^\x72\xFE\x1D\x13\0\0\0\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x01| -match rpc m|^\x72\xFE\x1D\x13\0\0\0\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x02| +match rpcbind m|^\x72\xFE\x1D\x13\0\0\0\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x01| +match rpcbind m|^\x72\xFE\x1D\x13\0\0\0\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x02| # OpenAFS 1.2.10 on Linux 2.4.22 match kerberos-sec m|^\x04\n\0\0\0\0\0\0\0\0\0\0\x04code = 4: packet version number unknown\0| p/OpenAFS/ # talk-server-0.17 (linux), ports 517-518/udp @@ -5352,7 +5353,7 @@ match tftp m|^\0\x05\0\0Bad mode\0| match tftp m|^\0\x05\0\x02Access violation\0| match tftp m|^\0\x05\0\x04\w+\0| -match landesk m|^\0\0\0\0USER\x01\0\x10\0\x08\0:\xd0\x08\0:\xd0\x01\x01\.\0O\0\x03\0T\0\xff\xff\0\0\0\xfd\0\0\0\0\0\0\x02\0\0\0LANDeskWorkgroup Manager ver ([\d.]+)\0| p/LANDesk Workgroup Manager/ v/$1/ o/Windows/ +match landesk-rc m|^\0\0\0\0USER\x01\0\x10\0\x08\0:\xd0\x08\0:\xd0\x01\x01\.\0O\0\x03\0T\0\xff\xff\0\0\0\xfd\0\0\0\0\0\0\x02\0\0\0LANDeskWorkgroup Manager ver ([\d.]+)\0| p/LANDesk Workgroup Manager/ v/$1/ o/Windows/ # DNS Server status request: http://www.crynwr.com/crynwr/rfc1035/rfc1035.html 
@@ -5744,8 +5745,8 @@ match xtel m|^\x15Annuaire \xe9lectronique| p/xteld/ i/French/ match tor m|^\x16\x03\0\0\*\x02\0\0&\x03\0.*T[oO][rR]1.*[\x00-\x20]([-\w_.]+) |s p/Tor node/ i/Node name: $1/ # Sophos Message Router -match ssl/sophos m|^\x16\x03\0.*Router\$([a-zA-Z0-9_-]+).*Sophos EM Certification Manager|s p/Sophos Message Router/ h/$1/ -match ssl/sophos m|^\x16\x03\0.*Sophos EM Certification Manager|s p/Sophos Message Router/ +match sophos/ssl m|^\x16\x03\0.*Router\$([a-zA-Z0-9_-]+).*Sophos EM Certification Manager|s p/Sophos Message Router/ h/$1/ +match sophos/ssl m|^\x16\x03\0.*Sophos EM Certification Manager|s p/Sophos Message Router/ # SMB Negotiate Protocol @@ -5848,7 +5849,6 @@ Probe TCP X11Probe q|\x6C\0\x0B\0\0\0\0\0\0\0\0\0| rarity 4 ports 80,443,497,1550,5302,6000-6020,7000,7100,7101,7777,8000 # retroclient 6.5.108 on Linux -match dantzretrospect m|^\0\xca\0\0\0\0\0\x04\0\0\0\0\0\0\x02\($| p/Dantz Retrospect backup client/ match font-service m|^\0\0\x02\0\0\0\0\0\0\0\0\0\x06\0\0\0\0@\x0c\0p\x17\0\0X Consortium\x01\n\x01\0\x05\0\0\0....\0\0..\0\0\0\0$|s p/Sun Solaris fs.auto/ o/Solaris/ # HP-UX 11.11 match font-service m|^\0\0\x02\0\0\0\0\0\0\0\0\0\x06\0\0\0\0@\x0c\0\xd4\x17\0\0X Consortium\x01\n\x01\0\x05\0\0\0....\0\0..\0\0\0\0$|s p/HP-UX X Font Server/ o/HP-UX/ @@ -5861,6 +5861,8 @@ match networkaudio m|^\0\x19\x02\0\x02\0\x07\0Protocol version mismatch\0| p|Net # ichat-proxy; only two bytes might be too generic (Brandon) match ichat-proxy m|^\x05\xff$| p/Apple iChat Server file transfer proxy/ o/Mac OS X/ +match retrospect m|^\0\xca\0\0\0\0\0\x04\0\0\0\0\0\0\x02\($| p/Dantz Retrospect backup client/ + match X11 m|^\x01\0\x0b\0\0.....\0\0\0\0.*Sun Microsystems, Inc\.|s p/XSun Solaris X11 server/ match X11 m|^\0\x2D\x0B\0\0\0\x0C\0| i/access denied/ # I think the below means access denied (no authentication protocol 
@@ -6115,7 +6117,7 @@ match lotusnotes m|^.\0\0\0.\0\0\0\x03\0\0@\x02\x0f\0.*\x03\0\0\0\0\x02\0/\0.\0\ match lotusnotes m|^.\0\0\0.\0\0\0\x03\0\0@\x02\x0f\0.*\x03\0\0\0\0\x02\0/\0.\0\0\0\0\0\0\0.*CN=([-.\w ]+)/OU=([-.\w ]+)/OU=([-.\w ]+)/O=([-.\w ]+)|s p/Lotus Domino server/ i|CN=$1;OU=$2/$3;Org=$4| # Interesting service: Not sure if it's RPC -match rpc m|^\x18\0\x01\x02Invalid packet length\0| p/Amanda voicemail system/ d/telecom-misc/ +match rpcbind m|^\x18\0\x01\x02Invalid packet length\0| p/Amanda voicemail system/ d/telecom-misc/ # Moved this from SSLSessionReq because it seems more reliable. match svrloc m|^\x02\x02\0\0\x12\0\0\0\0\0\0\0\0\x02en\0\x02$| p/Apple slpd/ o/Mac OS/ match tibia m|^V\0\x02\0Your terminal version is too old\.\nPlease get a new version at\nhttp://www\.tibia\.com\.\0$| p/Tibia graphical MUD/ @@ -6234,7 +6236,7 @@ ports 1035,1521,1522,1525,1574,1748,1754 match oracle-tns m|^\0.\0\0\x02\0\0\0.*TNSLSNR for ([-.+/ \w]{2,20}): Version ([-\d.]+) - Production|s p/Oracle TNS Listener/ v/$2 (for $1)/ match dbsnmp m|^\0.\0\0\x02\0\0\0.*\(IAGENT = \(AGENT_VERSION = ([\d.]+)\)\(RPC_VERSION = ([\d.]+)\)\)|s p/Oracle Intelligent Agent/ v/$1/ i/RPC v$2/ match oracle-tns m|^\0.\0\0\x02\0\0\0|s p/Oracle TNS Listener/ -match oracle-dbsnmp m|^\0,\0\0\x04\0\0\0\"\0\0 \(CONNECT_DATA=\(COMMAND=version\)\)| p/Oracle DBSNMP/ +match dbsnmp m|^\0,\0\0\x04\0\0\0\"\0\0 \(CONNECT_DATA=\(COMMAND=version\)\)| p/Oracle DBSNMP/ ##############################NEXT PROBE############################## Probe UDP xdmcp q|\0\x01\0\x02\0\x01\0\0| 
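Review bot: Renaming `rpc` to `rpcbind` on the `Invalid packet length` line labels as the portmapper something the file itself doubts is RPC. The comment directly above says "Not sure if it's RPC" and the product is `Amanda voicemail system`, so the blanket rename makes the name more specific than the evidence supports. Scripts and inventory rules keyed on `rpcbind` would then fire against a telecom device. A neutral name would be safer, e.g. `match amanda-voicemail m|^\x18\0\x01\x02Invalid packet length\0| …` (name constructed for illustration; use whatever fits the naming scheme).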
@@ -6396,11 +6398,11 @@ match stomp m|^ERROR\nmessage:Unknown STOMP action:.+ org\.apache\.activemq\.|s ##############################NEXT PROBE############################## -# memcached, text mode protocol -Probe TCP Memcached q|stats\r\n| +# memcache, text mode protocol +Probe TCP Memcache q|stats\r\n| rarity 8 ports 11211 -match memcached m|^STAT pid (\d+)\r\nSTAT uptime (\d+)\r\n.*?STAT version ([\w_.-]+)\r\n.*?STAT curr_items (\d+)\r\nSTAT total_items (\d+)\r\nSTAT bytes (\d+)\r\n|s p/memcached/ v/$3/ i/PID $1; uptime $2 seconds; curr items: $4; total items: $5; bytes cached: $6/ +match memcache m|^STAT pid (\d+)\r\nSTAT uptime (\d+)\r\n.*?STAT version ([\w_.-]+)\r\n.*?STAT curr_items (\d+)\r\nSTAT total_items (\d+)\r\nSTAT bytes (\d+)\r\n|s p/memcached/ v/$3/ i/PID $1; uptime $2 seconds; curr items: $4; total items: $5; bytes cached: $6/ ##############################NEXT PROBE############################## diff --git a/nmap-services b/nmap-services index 73bd38dce..ec3441f64 100644 --- a/nmap-services +++ b/nmap-services @@ -431,11 +431,11 @@ subntbcst_tftp 247/tcp # subntbcst_tftp 247/udp # bhfhs 248/tcp # bhfhs 248/udp # -FW1-secureremote 256/tcp # also "rap" +fw1-secureremote 256/tcp # also "rap" rap 256/udp # -FW1-mc-fwmodule 257/tcp # FW1 management console for communication w/modules and also secure electronic transaction (set) port +fw1-mc-fwmodule 257/tcp # FW1 management console for communication w/modules and also secure electronic transaction (set) port set 257/udp # secure electronic transaction -Fw1-mc-gui 258/tcp # also yak winsock personal chat +fw1-mc-gui 258/tcp # also yak winsock personal chat yak-chat 258/udp # yak winsock personal chat esro-gen 259/tcp # efficient short remote operations firewall1-rdp 259/udp # Firewall 1 proprietary RDP protocol http://www.inside-security.de/fw1_rdp_poc.html 
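Review bot: The memcache hunk changes the probe name (`Probe TCP Memcache`) as well as the service name on the match line. Probe names are what `fallback` directives refer to, so any reference to `Memcached` elsewhere in the file would need the same edit; none is visible in this diff, so it is worth a grep before merging. Keeping the product field as `p/memcached/` is right, since that is the software's name.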
@@ -448,8 +448,8 @@ arcisdms 262/udp # hdap 263/tcp # hdap 263/udp # bgmp 264/tcp # -FW1-or-bgmp 264/udp # FW1 secureremote alternate -maybeFW1 265/tcp +fw1-or-bgmp 264/udp # FW1 secureremote alternate +maybe-fw1 265/tcp http-mgmt 280/tcp # http-mgmt 280/udp # personal-link 281/tcp # @@ -702,8 +702,8 @@ contentserver 454/tcp # contentserver 454/udp # creativepartnr 455/tcp # creativepartnr 455/udp # -macon-tcp 456/tcp # -macon-udp 456/udp # +macon 456/tcp # +macon 456/udp # scohelp 457/tcp # scohelp 457/udp # appleqtc 458/tcp # apple quick time @@ -784,8 +784,8 @@ intecourier 495/tcp # intecourier 495/udp # pim-rp-disc 496/tcp # pim-rp-disc 496/udp # -dantz 497/tcp # -dantz 497/udp # +retrospect 497/tcp # +retrospect 497/udp # siam 498/tcp # siam 498/udp # iso-ill 499/tcp # ISO ILL Protocol @@ -886,8 +886,8 @@ dhcpv6-client 546/tcp # DHCPv6 Client dhcpv6-client 546/udp # DHCPv6 Client dhcpv6-server 547/tcp # DHCPv6 Server dhcpv6-server 547/udp # DHCPv6 Server -afpovertcp 548/tcp # AFP over TCP -afpovertcp 548/udp # AFP over UDP +afp 548/tcp # AFP over TCP +afp 548/udp # AFP over UDP idfp 549/tcp # idfp 549/udp # new-rwho 550/tcp # new-who @@ -1118,7 +1118,7 @@ accessbuilder 888/udp # sun-manageconsole 898/tcp # Solaris Management Console Java listener (Solaris 8 & 9) ftps-data 989/tcp # ftp protocol, data, over TLS/SSL samba-swat 901/tcp # Samba SWAT tool. Also used by ISS RealSecure. -iss-realsecure-sensor 902/tcp # ISS RealSecure Sensor +iss-realsecure 902/tcp # ISS RealSecure Sensor iss-console-mgr 903/tcp # ISS Console Manager oftep-rpc 950/tcp # Often RPC.statd (on Redhat Linux) rndc 953/tcp # RNDC is used by BIND 9 (& probably other NS) 
@@ -1159,8 +1159,8 @@ iad3 1032/udp # BBN IAD netinfo 1033/tcp # Netinfo is apparently on many OS X boxes. activesync-notify 1034/udp # Windows Mobile device ActiveSync Notifications netsaint 1040/tcp # Netsaint status daemon -boinc-client 1043/tcp # BOINC Client Control or Microsoft IIS -boinc-client 1043/udp # BOINC Client Control +boinc 1043/tcp # BOINC Client Control or Microsoft IIS +boinc 1043/udp # BOINC Client Control java-or-OTGfileshare 1050/tcp # J2EE nameserver, also OTG, also called Disk/Application extender. Could also be MiniCommand backdoor OTGlicenseserv nim 1058/tcp # nim 1058/udp # @@ -1559,7 +1559,7 @@ cichild-lm 1523/udp # ingreslock 1524/tcp # ingres ingreslock 1524/udp # ingres orasrv 1525/tcp # oracle or Prospero Directory Service non-priv -orasrv 1525/udp # oracle +oracle 1525/udp # oracle pdap-np 1526/tcp # Prospero Data Access Prot non-priv pdap-np 1526/udp # Prospero Data Access Prot non-priv tlisrv 1527/tcp # oracle @@ -1660,8 +1660,8 @@ landesk-rc 1764/tcp # LANDesk Remote Control radius 1812/udp # RADIUS authentication protocol (RFC 2138) radacct 1813/udp # RADIUS accounting protocol (RFC 2139) pcm 1827/tcp # PCM Agent (AutoSecure Policy Compliance Manager -UPnP 1900/tcp # Universal PnP -UPnP 1900/udp # Universal PnP +upnp 1900/tcp # Universal PnP +upnp 1900/udp # Universal PnP rtmp 1935/tcp # Macromedia FlasComm Server bigbrother 1984/tcp # Big Brother monitoring server - www.bb4.com licensedaemon 1986/tcp # cisco license management @@ -1698,7 +1698,7 @@ dc 2001/tcp # or nfr20 web queries wizard 2001/udp # curry globe 2002/tcp # globe 2002/udp # -cfingerd 2003/tcp # GNU finger +finger 2003/tcp # GNU finger (cfingerd) mailbox 2004/tcp # emce 2004/udp # CCWS mm conf deslogin 2005/tcp # encrypted symmetric telnet/login 
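Review bot: `java-or-OTGfileshare` on the context line right below the `boinc` change keeps its mixed case, so the lower-casing done elsewhere in this file (`upnp`, `powerchute`, `netbus`) is incomplete. The same goes for `RETS-or-BackupExec` in the @@ -2039 hunk, `wnn6_Cn` next to the `opsec-*` renames, and `Trinoo_Register`, `BackOrifice` and `Elite` in the last hunk. If consumers compare service names case-sensitively, a half-converted table is harder to write rules against than either extreme. I would either convert these too or state in the commit message why they are exempt.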
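Review bot: Port 1525 now has two names, because the @@ -1559 hunk changes the UDP line to `oracle 1525/udp` while the TCP context line directly above stays `orasrv 1525/tcp`. Other paired entries touched in this file are renamed on both protocols (`retrospect`, `afp`, `upnp`), so this looks like an oversight. I would rename the TCP line as well, `oracle 1525/tcp # oracle or Prospero Directory Service non-priv`, or leave both as `orasrv`.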
@@ -1843,14 +1843,14 @@ wap-push 2948/udp # Windows Mobile devices often have this symantec-av 2967/udp # Symantec AntiVirus (rtvscan.exe) iss-realsec 2998/tcp # ISS RealSecure IDS Remote Console Admin port ppp 3000/tcp # User-level ppp daemon, or chili!soft asp -nessusd 3001/tcp # Nessus Security Scanner (www.nessus.org) Daemon or chili!soft asp +nessus 3001/tcp # Nessus Security Scanner (www.nessus.org) Daemon or chili!soft asp deslogin 3005/tcp # encrypted symmetric telnet/login deslogind 3006/tcp # slnp 3025/tcp # SLNP (Simple Library Network Protocol) by Sisis Informationssysteme GmbH slnp 3045/tcp # SLNP (Simple Library Network Protocol) by Sisis Informationssysteme GmbH cfs 3049/tcp # cryptographic file system (nfs) (proposed) cfs 3049/udp # cryptographic file system (nfs) -PowerChute 3052/tcp +powerchute 3052/tcp dnet-tstproxy 3064/tcp # distributed.net (a closed source crypto-cracking project) proxy test port sj3 3086/tcp # SJ3 (kanji input) squid-http 3128/tcp # @@ -1932,10 +1932,10 @@ rfa 4672/tcp # remote file access server rfa 4672/udp # remote file access server squid-htcp 4827/udp # Squid proxy HTCP port radmin 4899/tcp # Radmin (www.radmin.com) remote PC control software -maybeveritas 4987/tcp # -maybeveritas 4998/tcp # -UPnP 5000/tcp # Universal PnP, also Free Internet Chess Server -UPnP 5000/udp # also complex-main +maybe-veritas 4987/tcp # +maybe-veritas 4998/tcp # +upnp 5000/tcp # Universal PnP, also Free Internet Chess Server +upnp 5000/udp # also complex-main commplex-link 5001/tcp # commplex-link 5001/udp # rfe 5002/tcp # Radio Free Ethernet 
@@ -1986,7 +1986,7 @@ pcduo-old 5400/tcp # RemCon PC-Duo - old port pcduo 5405/tcp # RemCon PC-Duo - new port omid 5428/udp # OpenMosix Info Dissemination connect-proxy 5490/tcp # Many HTTP CONNECT proxies -postgres 5432/tcp # postgres database server +postgresql 5432/tcp # PostgreSQL database server hotline 5500/tcp # Hotline file sharing client/server securid 5500/udp # SecurID secureidprop 5510/tcp # ACE/Server services @@ -2039,7 +2039,7 @@ X11:8 6008/tcp # X Window server X11:9 6009/tcp # X Window server xmail-ctrl 6017/tcp # XMail CTRL server arcserve 6050/tcp # ARCserve agent -VeritasBackupExec 6101/tcp # Backup Exec UNIX and 95/98/ME Aent +backupexec 6101/tcp # Backup Exec UNIX and 95/98/ME Aent RETS-or-BackupExec 6103/tcp # Backup Exec Agent Accelerator and Remote Agent also sql server and cisco works blue isdninfo 6105/tcp # isdninfo isdninfo 6106/tcp # i4lmond @@ -2073,9 +2073,9 @@ crystalreports 6400/tcp # Seagate Crystal Reports crystalenterprise 6401/tcp # Seagate Crystal Enterprise mythtv 6543/tcp mythtv 6544/tcp -PowerChutePLUS 6547/tcp # -PowerChutePLUS 6548/tcp # -PowerChutePLUS 6549/udp # +powerchuteplus 6547/tcp # +powerchuteplus 6548/tcp # +powerchuteplus 6549/udp # netop-rc 6502/tcp # NetOp Remote Control (by Danware Data A/S) netop-rc 6502/udp # NetOp Remote Control (by Danware Data A/S) xdsxdm 6558/tcp # @@ -2090,7 +2090,7 @@ irc 6669/tcp # Internet Relay Chat irc 6670/tcp # Internet Relay Chat carracho 6700/tcp # Carracho file sharing carracho 6701/tcp # Carracho file sharing -bittorent-tracker 6881/tcp # BitTorrent tracker +bittorrent-tracker 6881/tcp # BitTorrent tracker acmsoda 6969/tcp # acmsoda 6969/udp # napster 6699/tcp # Napster File (MP3) sharing software 
@@ -2148,9 +2148,9 @@ https-alt 8443/tcp # Common alternative https port apple-iphoto 8770/tcp # Apple iPhoto sharing sun-answerbook 8888/tcp # Sun Answerbook HTTP server. Or gnump3d streaming music server seosload 8892/tcp # From the new Computer Associates eTrust ACX -tor-transport 9040/tcp # Tor TransPort, www.torproject.org -tor-socksport 9050/tcp # Tor SocksPort, www.torproject.org -tor-controlport 9051/tcp # Tor ControlPort, www.torproject.org +tor-trans 9040/tcp # Tor TransPort, www.torproject.org +tor-socks 9050/tcp # Tor SocksPort, www.torproject.org +tor-control 9051/tcp # Tor ControlPort, www.torproject.org zeus-admin 9090/tcp # Zeus admin server jetdirect 9100/tcp # HP JetDirect card jetdirect 9101/tcp # HP JetDirect card 
@@ -2176,28 +2176,28 @@ amandaidx 10082/tcp # Amanda indexing amidxtape 10083/tcp # Amanda tape indexing pksd 11371/tcp # PGP Public Key Server cce4x 12000/tcp # ClearCommerce Engine 4.x (www.clearcommerce.com) -NetBus 12345/tcp # NetBus backdoor trojan or Trend Micro Office Scan -NetBus 12346/tcp # NetBus backdoor trojan -VeritasNetbackup 13701/tcp # vmd server -VeritasNetbackup 13702/tcp # ascd server -VeritasNetbackup 13705/tcp # tl8cd server -VeritasNetbackup 13706/tcp # odld server -VeritasNetbackup 13708/tcp # vtlcd server -VeritasNetbackup 13709/tcp # ts8d server -VeritasNetbackup 13710/tcp # tc8d server -VeritasNetbackup 13711/tcp # server -VeritasNetbackup 13712/tcp # tc4d server -VeritasNetbackup 13713/tcp # tl4d server -VeritasNetbackup 13714/tcp # tsdd server -VeritasNetbackup 13715/tcp # tshd server -VeritasNetbackup 13716/tcp # tlmd server -VeritasNetbackup 13717/tcp # tlhcd server -VeritasNetbackup 13718/tcp # lmfcd server -VeritasNetbackup 13720/tcp # bprd server -VeritasNetbackup 13721/tcp # bpdbm server -VeritasNetbackup 13722/tcp # bpjava-msvc client -VeritasNetbackup 13782/tcp # bpcd client -VeritasNetbackup 13783/tcp # vopied client +netbus 12345/tcp # NetBus backdoor trojan or Trend Micro Office Scan +netbus 12346/tcp # NetBus backdoor trojan +netbackup 13701/tcp # vmd server +netbackup 13702/tcp # ascd server +netbackup 13705/tcp # tl8cd server +netbackup 13706/tcp # odld server +netbackup 13708/tcp # vtlcd server +netbackup 13709/tcp # ts8d server +netbackup 13710/tcp # tc8d server +netbackup 13711/tcp # server +netbackup 13712/tcp # tc4d server +netbackup 13713/tcp # tl4d server +netbackup 13714/tcp # tsdd server +netbackup 13715/tcp # tshd server +netbackup 13716/tcp # tlmd server +netbackup 13717/tcp # tlhcd server +netbackup 13718/tcp # lmfcd server +netbackup 13720/tcp # bprd server +netbackup 13721/tcp # bpdbm server +netbackup 13722/tcp # bpjava-msvc client +netbackup 13782/tcp # bpcd client +netbackup 13783/tcp # vopied client bo2k 
14141/tcp # Back Orifice 2K BoPeep mouse/keyboard input bo2k 15151/tcp # Back Orifice 2K BoPeep video output swgps 15126/tcp # Nortel Java S/WGPS Global Payment Solutions for US credit card authorizations @@ -2211,13 +2211,13 @@ wdbrpc 17185/udp # vxWorks WDB remote debugging ONCRPC kuang2 17300/tcp # Kuang2 backdoor biimenu 18000/tcp # Beckman Instruments, Inc. biimenu 18000/udp # Beckman Instruments, Inc. -opsec_cvp 18181/tcp # Check Point OPSEC -opsec_ufp 18182/tcp # Check Point OPSEC -opsec_sam 18183/tcp # Check Point OPSEC -opsec_lea 18184/tcp # Check Point OPSEC -opsec_omi 18185/tcp # Check Point OPSEC -opsec_ela 18187/tcp # Check Point OPSEC -gkrellmd 19150/tcp # GKrellM remote system activity meter daemon +opsec-cvp 18181/tcp # Check Point OPSEC +opsec-ufp 18182/tcp # Check Point OPSEC +opsec-sam 18183/tcp # Check Point OPSEC +opsec-lea 18184/tcp # Check Point OPSEC +opsec-omi 18185/tcp # Check Point OPSEC +opsec-ela 18187/tcp # Check Point OPSEC +gkrellm 19150/tcp # GKrellM remote system activity meter daemon btx 20005/tcp # xcept4 (Interacts with German Telekom's CEPT videotext service) wnn6 22273/tcp # Wnn6 (Japanese input) wnn6_Cn 22289/tcp # Wnn6 (Chinese input) @@ -2251,7 +2251,7 @@ heretic2 28910/udp # Heretic 2 game server Trinoo_Register 31335/udp # Trinoo distributed attack tool Bcast Daemon registration port BackOrifice 31337/udp # cDc Back Orifice remote admin tool Elite 31337/tcp # Sometimes interesting stuff can be found here -boinc-client 31416/tcp # BOINC Client Control +boinc 31416/tcp # BOINC Client Control omad 32768/udp # OpenMosix Autodiscovery Daemon sometimes-rpc3 32770/tcp # Sometimes an RPC port on my Solaris box sometimes-rpc4 32770/udp # Sometimes an RPC port on my Solaris box