[aklug] Fwd: SMB related version detection updates

From: Royce Williams <royce@tycho.org>
Date: Wed Mar 30 2016 - 10:04:43 AKDT

For everyone prepping for Badlock ...

The latest Nmap on Github has significantly improved support for detecting
SMB versions.

See below, and I will forward final updates when Tom announces them.

Royce

---------- Forwarded message ----------
From: <nmap@fadedcode.net>
Date: Wed, Mar 30, 2016 at 9:39 AM
Subject: RE: SMB related version detection updates
To: Royce Williams <royce@techsolvency.com>
Cc: Nmap-dev <dev@nmap.org>

Royce,
  I'm glad that the timing worked out ;). You can either build from Github
or check them out via Subversion (
https://nmap.org/book/install.html#inst-svn ). Also, I have an open GitHub
PR ( https://github.com/nmap/nmap/pull/348 ) that should improve results
further using the smb-os-discovery NSE script. I expect it to land today
or tomorrow.

As a note, there is still some tuning and tweaking to be done on the SMB
version detection matchlines. I'll try to make another pass at this this
week.

Thanks much,

Tom

-------- Original Message --------
Subject: Re: SMB related version detection updates
From: Royce Williams <royce@techsolvency.com>
Date: Wed, March 30, 2016 7:11 am
To: Tom Sellers <nmap@fadedcode.net>
Cc: Nmap-dev <dev@nmap.org>

On Wed, Mar 30, 2016 at 2:38 AM, Tom Sellers <nmap@fadedcode.net> wrote:
>
> FYI,
> Yesterday in commit 35748 I updated some SMB related match lines. The
> intent was to improve the scan results in preparation for dealing with
> Badlock. Fixed are certain matchlines that indicated a specific OS
> version such as 'Microsoft Windows NT netbios-ssn' that actually matched
> newer versions of Windows including 2012 R2. Matches that indicated
> Samba 3.x have been updated as they also match Samba 4.x as well. There
> are also a couple of new matchlines that help handle and capture data,
> particularly in cases where responses from Samba exactly match those
> from Windows.
>
> The changes were tested against Windows 7 and 8, Windows Server 2008,
> 2008 R2, 2012, 2012 R2 as well as Samba 3.6.x, 4.1.x, and Apple's
> current SMB fork.

Tom, I woke up this morning intending to request exactly this update.
You rock, sir!

For future end-user admins who will find this thread:

Until a new release is cut, I assume that the canonical best way to
use these changes is to build nmap from current Github, correct?

Royce
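
For the end-user admins Royce mentions, here is an added example of how the improved version detection and the smb-os-discovery script output can be turned into a pre-Badlock SMB inventory. It is not Nmap's code and was not posted in this thread. It assumes the scan was saved as XML with something like `nmap -sV -p 139,445 --script smb-os-discovery -oX smb-scan.xml <targets>`, that the script's structured output carries `os` and `lanmanager` elements (assumed from the script's normal report), and the hosts and addresses in the sample XML are constructed; `smb_inventory` is a name chosen for this example.

```python
"""Inventory SMB endpoints from an Nmap XML report.

Added example for this thread; not Nmap's own code. Assumes a report produced
by something like:  nmap -sV -p 139,445 --script smb-os-discovery -oX out.xml
The sample XML below is constructed for this example (RFC 5737 addresses).
"""
import xml.etree.ElementTree as ET

SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -p 139,445 --script smb-os-discovery">
  <host>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="445">
        <state state="open"/>
        <service name="microsoft-ds" product="Microsoft Windows 7 - 10 microsoft-ds"
                 extrainfo="workgroup: WORKGROUP" ostype="Windows"/>
      </port>
    </ports>
    <hostscript>
      <script id="smb-os-discovery" output="...">
        <elem key="os">Windows Server 2012 R2 Standard 9600</elem>
        <elem key="lanmanager">Windows Server 2012 R2 Standard 6.3</elem>
        <elem key="workgroup">WORKGROUP</elem>
      </script>
    </hostscript>
  </host>
  <host>
    <address addr="192.0.2.20" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="139">
        <state state="open"/>
        <service name="netbios-ssn" product="Samba smbd" version="3.X - 4.X"/>
      </port>
      <port protocol="tcp" portid="445">
        <state state="open"/>
        <service name="netbios-ssn" product="Samba smbd" version="4.1.17"/>
      </port>
    </ports>
    <hostscript>
      <script id="smb-os-discovery" output="...">
        <elem key="os">Unix</elem>
        <elem key="lanmanager">Samba 4.1.17-Ubuntu</elem>
      </script>
    </hostscript>
  </host>
  <host>
    <address addr="192.0.2.30" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="445"><state state="closed"/></port>
    </ports>
  </host>
</nmaprun>
"""

SMB_PORTS = {"139", "445"}


def _script_elem(script, key):
    """Text of <elem key=...> under an NSE <script> element, or None."""
    if script is None:
        return None
    el = script.find(f"elem[@key='{key}']")
    return el.text if el is not None else None


def smb_inventory(xml_text):
    """Return one dict per host that has an open SMB port (139/445).

    'services' holds the -sV 'product version' labels from the match lines;
    'os' and 'lanmanager' come from the smb-os-discovery host script, which
    is often more specific than the service probe alone. Hosts with no open
    SMB port are skipped so the list is only what needs patch attention.
    """
    root = ET.fromstring(xml_text)
    results = []
    for host in root.findall("host"):
        addr_el = host.find("address[@addrtype='ipv4']") or host.find("address")
        addr = addr_el.get("addr") if addr_el is not None else "?"
        open_ports, services = [], []
        for port in host.findall("ports/port"):
            state = port.find("state")
            if port.get("portid") not in SMB_PORTS or state is None \
                    or state.get("state") != "open":
                continue
            open_ports.append(int(port.get("portid")))
            svc = port.find("service")
            if svc is not None and svc.get("product"):
                label = svc.get("product")
                if svc.get("version"):
                    label += " " + svc.get("version")
                services.append(label)
        if not open_ports:
            continue
        script = host.find("hostscript/script[@id='smb-os-discovery']")
        results.append({"addr": addr, "ports": open_ports,
                        "services": sorted(set(services)),
                        "os": _script_elem(script, "os"),
                        "lanmanager": _script_elem(script, "lanmanager")})
    return results


if __name__ == "__main__":
    for h in smb_inventory(SAMPLE_XML):
        print(f"{h['addr']:15} {h['ports']}  {h['lanmanager'] or h['os'] or '(unknown)'}"
              f"  sV: {', '.join(h['services']) or '-'}")
```

Reading the XML rather than the normal text output keeps the product, version and script fields separate, which matters here: the -sV product string is what the updated match lines produce, while the lanmanager string from smb-os-discovery is what usually pins the exact Windows or Samba release once the PR Tom mentions lands.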

---------
To unsubscribe, send email to <aklug-request@aklug.org>
with 'unsubscribe' in the message body.
Received on Wed Mar 30 08:23:21 2016

This archive was generated by hypermail 2.1.8 : Wed Mar 30 2016 - 08:23:21 AKDT