Giters

rapid7 / recog

Pattern recognition for hosts, services, and content

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Incorrect NTP fingerprint for F5 BIG-IP

jhart-r7 opened this issue · comments

commented

The existing fingerprint is far too loose:

 <fingerprint pattern=".*version=&quot;ntpd ([^ ]+)[^&quot;]+&quot;,\s*processor=&quot;([^ ]+)&quot;,\s*system=&quot;[^ ]+.([^&quot;]+)&quot;" flags="REG_DOT_NEWLINE,REG_ICASE">

When I put this example in, it passes recog_verify but shouldn't:

version="ntpd version = 4.1.0", processor="unknown", system="OpenVMS AXP", leap=0, stratum=4, precision=-11, rootdelay=214.836, rootdispersion=162.916, peer=24756, refid=a.b.c.d, reftime=ffff poll=10, clock=fffff, state=4, offset=39.552, frequency=6.214, jitter=14.150, stability=5.564