All, I am getting false positives on SSH ports. I have a Cisco router using SSH that is being identified as RPC service 1.5 and a Linux box running SSH that is being identified as RPC 2.0. The plugin responsible for both is #10336 according to the .nbe output file. I understand this to be NMAP. So NMAP must be grabbing the banner. I am using NMAP verison 3.45 and Nessus 2.0.7.
I think that the plugin may be getting confused. A banner grab of the Cisco router SSH returns this: SSH-1.5-Cisco-1.25 A banner grab of the Linux SSH returns this: SSH-2.0-3.2.0 F-SECURE SSH Either NMAP or the 10336 plugin is incorrectly reading the banner grab and mistaking SSH for RPC. Both banner grabs clearly have SSH in them so I do not know where the problem lies. Any ideas? Thanks, Chris
