Incorrect NTP fingerprint for F5 BIG-IP
jhart-r7 opened this issue · comments
Jon Hart commented
The existing fingerprint is far too loose:
<fingerprint pattern=".*version="ntpd ([^ ]+)[^"]+",\s*processor="([^ ]+)",\s*system="[^ ]+.([^"]+)"" flags="REG_DOT_NEWLINE,REG_ICASE">
When I put this example in, it passes recog_verify
but shouldn't:
version="ntpd version = 4.1.0", processor="unknown", system="OpenVMS AXP", leap=0, stratum=4, precision=-11, rootdelay=214.836, rootdispersion=162.916, peer=24756, refid=a.b.c.d, reftime=ffff poll=10, clock=fffff, state=4, offset=39.552, frequency=6.214, jitter=14.150, stability=5.564