mirror of
https://github.com/nmap/nmap.git
synced 2025-12-15 20:29:03 +00:00
fea1ab7c39
discussion on nmap-dev about how best to handle these. I also updated the docs and am about to regenerate script.db. See this thread for more info: http://seclists.org/nmap-dev/2009/q3/1008.html
31 lines
713 B
Lua
31 lines
713 B
Lua
description = [[
|
|
Checks for an identd (auth) server which is spoofing its replies.
|
|
|
|
Tests whether an identd (auth) server responds with an answer before
|
|
we even send the query. This sort of identd spoofing can be a sign of
|
|
malware infection though it can also be used for legitimate privacy
|
|
reasons.
|
|
]]
|
|
|
|
author = "Diman Todorov <diman.todorov@gmail.com>"
|
|
|
|
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
|
|
|
|
categories = {"malware", "safe"}
|
|
|
|
require "comm"
|
|
require "shortport"
|
|
|
|
portrule = shortport.port_or_service(113, "auth")
|
|
|
|
action = function(host, port)
|
|
local status, owner = comm.get_banner(host, port, {lines=1})
|
|
|
|
if not status then
|
|
return
|
|
end
|
|
|
|
return "Spoofed reply: " .. owner
|
|
end
|
|
|