Call for info: Unknown OS and Service Banner Reporting


#1

Hi *,

as you might know the feed (and its Detection and VTs) is heavily relying on the banner of
services running / exposed on a remote host.

In the last months we did some improvements to our unknown banner reporting to consolidate this info into a single VT. If you’re stumbling over the output of the following VT within a report:

Name: Unknown OS and Service Banner Reporting
OID: 1.3.6.1.4.1.25623.1.0.108441
Family: Service detection

it would be great if you could either post the information in a new thread within the Vulnerability Tests category or (if it contains sensitive info) privately to me via a PN.

This helps us to improve the feed and to detect a wider range of different Operating Systems and
Services.

Thank you for your contribution.

Additional to the “Unknown OS Reporting” described above general information on the OS Detection methods are available in the following VT:

Name: OS Detection Consolidation and Reporting
OID: 1.3.6.1.4.1.25623.1.0.105937
Family: Product detection

This output could also contain some information on an existing OS Detection which could be improved / updated to detect an OS more precisely.


False positive or not false positive
Cisco ASA Detection