ARCserve Backup for Laptops & Desktops Server Detection
2007-01-26T00:00:00
ID ARCSERVE_LGSERVER_DETECT.NASL Type nessus Reporter Tenable Modified 2017-04-28T00:00:00
Description
BrightStor ARCserve Backup for Laptops & Desktops Server / BrightStor
Mobile Backup Server, an enterprise class backup solution for remote
and mobile Windows-based PCs, is installed on the remote host. And
the service listening on this port is used by clients to backup and
restore files.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(24238);
script_version("$Revision: 1.10 $");
script_cvs_date("$Date: 2017/04/28 14:01:58 $");
script_name(english:"ARCserve Backup for Laptops & Desktops Server Detection");
script_summary(english:"Detects an ARCserve Backup for Laptops & Desktops Server");
script_set_attribute(attribute:"synopsis", value:
"There is a backup service running on the remote host.");
script_set_attribute(attribute:"description", value:
"BrightStor ARCserve Backup for Laptops & Desktops Server / BrightStor
Mobile Backup Server, an enterprise class backup solution for remote
and mobile Windows-based PCs, is installed on the remote host. And
the service listening on this port is used by clients to backup and
restore files.");
script_set_attribute(attribute:"see_also", value:"https://www.ca.com/us.html");
script_set_attribute(attribute:"solution", value:
"Limit incoming traffic to this port if desired.");
script_set_attribute(attribute:"risk_factor", value:"None");
script_set_attribute(attribute:"plugin_publication_date", value:"2007/01/26");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/a:ca:brightstor_arcserve_backup_laptops_desktops");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Service detection");
script_copyright(english:"This script is Copyright (C) 2007-2017 Tenable Network Security, Inc.");
script_dependencies("find_service1.nasl");
script_require_ports("Services/unknown", 2200);
exit(0);
}
include("global_settings.inc");
include("misc_func.inc");
include("byte_func.inc");
if (thorough_tests && ! get_kb_item("global_settings/disable_service_discovery") )
{
port = get_unknown_svc(2200);
if (!port) exit(0);
}
else port = 2200;
if (known_service(port:port)) exit(0);
if (!get_tcp_port_state(port)) exit(0);
soc = open_sock_tcp(port);
if (!soc) exit(0);
# Probe the service.
set_byte_order(BYTE_ORDER_LITTLE_ENDIAN);
magic = mkdword(0x1b2c3d4e);
req = magic + crap(data:mkbyte(0), length:256);
send(socket:soc, data:req);
res = recv(socket:soc, length:24);
if (res == NULL) exit(0);
# If ...
if (
# the response length is 24 and...
strlen(res) == 24 &&
# it starts with our "magic" and ...
stridx(res, magic) == 0 &&
# the second dword is 0xfe
getdword(blob:res, pos:8) == 0xFE
)
{
# Read the next packet.
res = recv(socket:soc, length:24);
if (res == NULL) exit(0);
if (
# the response length is 24 and...
strlen(res) == 24 &&
# it starts with our "magic" and ...
stridx(res, magic) == 0 &&
# the second dword is 0xff
getdword(blob:res, pos:8) == 0xFF
)
{
# Register and report the service.
register_service(port:port, ipproto:"tcp", proto:"lgserver");
security_note(port);
}
}
{"id": "ARCSERVE_LGSERVER_DETECT.NASL", "bulletinFamily": "scanner", "title": "ARCserve Backup for Laptops & Desktops Server Detection", "description": "BrightStor ARCserve Backup for Laptops & Desktops Server / BrightStor\nMobile Backup Server, an enterprise class backup solution for remote\nand mobile Windows-based PCs, is installed on the remote host. And\nthe service listening on this port is used by clients to backup and\nrestore files.", "published": "2007-01-26T00:00:00", "modified": "2017-04-28T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=24238", "reporter": "Tenable", "references": ["https://www.ca.com/us.html"], "cvelist": [], "type": "nessus", "lastseen": "2019-01-16T20:07:07", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": [], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "BrightStor ARCserve Backup for Laptops & Desktops Server / BrightStor Mobile Backup Server, an enterprise class backup solution for remote and mobile Windows-based PCs, is installed on the remote host. And the service listening on this port is used by clients to backup and restore files.", "edition": 2, "enchantments": {}, "hash": "34a70a8f3ef3455b7f196c1598050a486dc393634c7da0edd13a0980d6c11e58", "hashmap": [{"hash": "e1e3e4b7d027be780bcfa295e223fa37", "key": "pluginID"}, {"hash": "ba7ca754b44869dae389b89ab1086045", "key": "modified"}, {"hash": "a560afac9a96946e9c629f725397413f", "key": "description"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "a3d3c73c01505d0383b007174b5bb5ac", "key": "naslFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "1fbde17c1c4321ae0d4342a8c0b317e1", "key": "references"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "77c9572deefee9b70523a0ad5cedd387", "key": "published"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "1cd24477ded4a74da2487283cc2028af", "key": "title"}, {"hash": "e4ee008d3a26457b7028b697732f61b6", "key": "sourceData"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "5245d18ae1fda78069b85048e9dadd19", "key": "href"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=24238", "id": "ARCSERVE_LGSERVER_DETECT.NASL", "lastseen": "2017-04-28T18:43:59", "modified": "2017-04-28T00:00:00", "naslFamily": "Service detection", "objectVersion": "1.2", "pluginID": "24238", "published": "2007-01-26T00:00:00", "references": ["https://www.ca.com/us.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(24238);\n script_version(\"$Revision: 1.10 $\");\n script_cvs_date(\"$Date: 2017/04/28 14:01:58 $\");\n\n script_name(english:\"ARCserve Backup for Laptops & Desktops Server Detection\");\n script_summary(english:\"Detects an ARCserve Backup for Laptops & Desktops Server\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"There is a backup service running on the remote host.\");\n script_set_attribute(attribute:\"description\", value:\n\"BrightStor ARCserve Backup for Laptops & Desktops Server / BrightStor\nMobile Backup Server, an enterprise class backup solution for remote\nand mobile Windows-based PCs, is installed on the remote host. And\nthe service listening on this port is used by clients to backup and\nrestore files.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.ca.com/us.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Limit incoming traffic to this port if desired.\");\n script_set_attribute(attribute:\"risk_factor\", value:\"None\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/01/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:ca:brightstor_arcserve_backup_laptops_desktops\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Service detection\");\n\n script_copyright(english:\"This script is Copyright (C) 2007-2017 Tenable Network Security, Inc.\");\n\n script_dependencies(\"find_service1.nasl\");\n script_require_ports(\"Services/unknown\", 2200);\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"byte_func.inc\");\n\n\nif (thorough_tests && ! get_kb_item(\"global_settings/disable_service_discovery\") )\n{\n port = get_unknown_svc(2200);\n if (!port) exit(0);\n}\nelse port = 2200;\nif (known_service(port:port)) exit(0);\nif (!get_tcp_port_state(port)) exit(0);\n\n\nsoc = open_sock_tcp(port);\nif (!soc) exit(0);\n\n\n# Probe the service.\nset_byte_order(BYTE_ORDER_LITTLE_ENDIAN);\nmagic = mkdword(0x1b2c3d4e);\n\nreq = magic + crap(data:mkbyte(0), length:256);\nsend(socket:soc, data:req);\n\nres = recv(socket:soc, length:24);\nif (res == NULL) exit(0);\n\n\n# If ...\nif (\n # the response length is 24 and...\n strlen(res) == 24 &&\n # it starts with our \"magic\" and ...\n stridx(res, magic) == 0 && \n # the second dword is 0xfe\n getdword(blob:res, pos:8) == 0xFE\n)\n{\n # Read the next packet.\n res = recv(socket:soc, length:24);\n if (res == NULL) exit(0);\n \n if (\n # the response length is 24 and...\n strlen(res) == 24 &&\n # it starts with our \"magic\" and ...\n stridx(res, magic) == 0 && \n # the second dword is 0xff\n getdword(blob:res, pos:8) == 0xFF\n )\n {\n # Register and report the service.\n register_service(port:port, ipproto:\"tcp\", proto:\"lgserver\");\n security_note(port);\n }\n}\n", "title": "ARCserve Backup for Laptops & Desktops Server Detection", "type": "nessus", "viewCount": 3}, "differentElements": ["cpe"], "edition": 2, "lastseen": "2017-04-28T18:43:59"}, {"bulletin": {"bulletinFamily": "exploit", "cvelist": [], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "BrightStor ARCserve Backup for Laptops & Desktops Server / BrightStor Mobile Backup Server, an enterprise class backup solution for remote and mobile Windows-based PCs, is installed on the remote host. And the service listening on this port is used by clients to backup and restore files.", "edition": 1, "hash": "8a543a3f807e7669faf1a01005f0accdd58f0d25c47a98fdbd0061cc4764e600", "hashmap": [{"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "e1e3e4b7d027be780bcfa295e223fa37", "key": "pluginID"}, {"hash": "253070b2147836c5b000d6f0e62c8663", "key": "modified"}, {"hash": "a560afac9a96946e9c629f725397413f", "key": "description"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "a3d3c73c01505d0383b007174b5bb5ac", "key": "naslFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "77c9572deefee9b70523a0ad5cedd387", "key": "published"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "1cd24477ded4a74da2487283cc2028af", "key": "title"}, {"hash": "87526fc33e5ce8ef74bd05bd2dc4f52b", "key": "references"}, {"hash": "b76a98045b9bf95393e6e70bbd78fd28", "key": "sourceData"}, {"hash": "5245d18ae1fda78069b85048e9dadd19", "key": "href"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=24238", "id": "ARCSERVE_LGSERVER_DETECT.NASL", "lastseen": "2016-09-26T17:23:53", "modified": "2011-10-21T00:00:00", "naslFamily": "Service detection", "objectVersion": "1.2", "pluginID": "24238", "published": "2007-01-26T00:00:00", "references": ["http://www3.ca.com/smb/product.aspx?id=5286"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(24238);\n script_version(\"$Revision: 1.9 $\");\n script_cvs_date(\"$Date: 2011/10/21 01:22:51 $\");\n\n script_name(english:\"ARCserve Backup for Laptops & Desktops Server Detection\");\n script_summary(english:\"Detects an ARCserve Backup for Laptops & Desktops Server\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"There is a backup service running on the remote host.\");\n script_set_attribute(attribute:\"description\", value:\n\"BrightStor ARCserve Backup for Laptops & Desktops Server / BrightStor\nMobile Backup Server, an enterprise class backup solution for remote\nand mobile Windows-based PCs, is installed on the remote host. And\nthe service listening on this port is used by clients to backup and\nrestore files.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www3.ca.com/smb/product.aspx?id=5286\");\n script_set_attribute(attribute:\"solution\", value:\n\"Limit incoming traffic to this port if desired.\");\n script_set_attribute(attribute:\"risk_factor\", value:\"None\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/01/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:ca:brightstor_arcserve_backup_laptops_desktops\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Service detection\");\n\n script_copyright(english:\"This script is Copyright (C) 2007-2011 Tenable Network Security, Inc.\");\n\n script_dependencies(\"find_service1.nasl\");\n script_require_ports(\"Services/unknown\", 2200);\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"byte_func.inc\");\n\n\nif (thorough_tests && ! get_kb_item(\"global_settings/disable_service_discovery\") )\n{\n port = get_unknown_svc(2200);\n if (!port) exit(0);\n}\nelse port = 2200;\nif (known_service(port:port)) exit(0);\nif (!get_tcp_port_state(port)) exit(0);\n\n\nsoc = open_sock_tcp(port);\nif (!soc) exit(0);\n\n\n# Probe the service.\nset_byte_order(BYTE_ORDER_LITTLE_ENDIAN);\nmagic = mkdword(0x1b2c3d4e);\n\nreq = magic + crap(data:mkbyte(0), length:256);\nsend(socket:soc, data:req);\n\nres = recv(socket:soc, length:24);\nif (res == NULL) exit(0);\n\n\n# If ...\nif (\n # the response length is 24 and...\n strlen(res) == 24 &&\n # it starts with our \"magic\" and ...\n stridx(res, magic) == 0 && \n # the second dword is 0xfe\n getdword(blob:res, pos:8) == 0xFE\n)\n{\n # Read the next packet.\n res = recv(socket:soc, length:24);\n if (res == NULL) exit(0);\n \n if (\n # the response length is 24 and...\n strlen(res) == 24 &&\n # it starts with our \"magic\" and ...\n stridx(res, magic) == 0 && \n # the second dword is 0xff\n getdword(blob:res, pos:8) == 0xFF\n )\n {\n # Register and report the service.\n register_service(port:port, ipproto:\"tcp\", proto:\"lgserver\");\n security_note(port);\n }\n}\n", "title": "ARCserve Backup for Laptops & Desktops Server Detection", "type": "nessus", "viewCount": 3}, "differentElements": ["references", "modified", "sourceData"], "edition": 1, "lastseen": "2016-09-26T17:23:53"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/a:ca:brightstor_arcserve_backup_laptops_desktops"], "cvelist": [], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "BrightStor ARCserve Backup for Laptops & Desktops Server / BrightStor Mobile Backup Server, an enterprise class backup solution for remote and mobile Windows-based PCs, is installed on the remote host. And the service listening on this port is used by clients to backup and restore files.", "edition": 3, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "520ed4c59023ac5b6cd6528cb0d0e8c1692d5e811420411022d6b7be659d4e61", "hashmap": [{"hash": "e1e3e4b7d027be780bcfa295e223fa37", "key": "pluginID"}, {"hash": "ba7ca754b44869dae389b89ab1086045", "key": "modified"}, {"hash": "a560afac9a96946e9c629f725397413f", "key": "description"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "a3d3c73c01505d0383b007174b5bb5ac", "key": "naslFamily"}, {"hash": "7b8d2114ec91311d854e21e2699d5b85", "key": "cpe"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "1fbde17c1c4321ae0d4342a8c0b317e1", "key": "references"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "77c9572deefee9b70523a0ad5cedd387", "key": "published"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "1cd24477ded4a74da2487283cc2028af", "key": "title"}, {"hash": "e4ee008d3a26457b7028b697732f61b6", "key": "sourceData"}, {"hash": "5245d18ae1fda78069b85048e9dadd19", "key": "href"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=24238", "id": "ARCSERVE_LGSERVER_DETECT.NASL", "lastseen": "2017-10-29T13:35:45", "modified": "2017-04-28T00:00:00", "naslFamily": "Service detection", "objectVersion": "1.3", "pluginID": "24238", "published": "2007-01-26T00:00:00", "references": ["https://www.ca.com/us.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(24238);\n script_version(\"$Revision: 1.10 $\");\n script_cvs_date(\"$Date: 2017/04/28 14:01:58 $\");\n\n script_name(english:\"ARCserve Backup for Laptops & Desktops Server Detection\");\n script_summary(english:\"Detects an ARCserve Backup for Laptops & Desktops Server\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"There is a backup service running on the remote host.\");\n script_set_attribute(attribute:\"description\", value:\n\"BrightStor ARCserve Backup for Laptops & Desktops Server / BrightStor\nMobile Backup Server, an enterprise class backup solution for remote\nand mobile Windows-based PCs, is installed on the remote host. And\nthe service listening on this port is used by clients to backup and\nrestore files.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.ca.com/us.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Limit incoming traffic to this port if desired.\");\n script_set_attribute(attribute:\"risk_factor\", value:\"None\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/01/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:ca:brightstor_arcserve_backup_laptops_desktops\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Service detection\");\n\n script_copyright(english:\"This script is Copyright (C) 2007-2017 Tenable Network Security, Inc.\");\n\n script_dependencies(\"find_service1.nasl\");\n script_require_ports(\"Services/unknown\", 2200);\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"byte_func.inc\");\n\n\nif (thorough_tests && ! get_kb_item(\"global_settings/disable_service_discovery\") )\n{\n port = get_unknown_svc(2200);\n if (!port) exit(0);\n}\nelse port = 2200;\nif (known_service(port:port)) exit(0);\nif (!get_tcp_port_state(port)) exit(0);\n\n\nsoc = open_sock_tcp(port);\nif (!soc) exit(0);\n\n\n# Probe the service.\nset_byte_order(BYTE_ORDER_LITTLE_ENDIAN);\nmagic = mkdword(0x1b2c3d4e);\n\nreq = magic + crap(data:mkbyte(0), length:256);\nsend(socket:soc, data:req);\n\nres = recv(socket:soc, length:24);\nif (res == NULL) exit(0);\n\n\n# If ...\nif (\n # the response length is 24 and...\n strlen(res) == 24 &&\n # it starts with our \"magic\" and ...\n stridx(res, magic) == 0 && \n # the second dword is 0xfe\n getdword(blob:res, pos:8) == 0xFE\n)\n{\n # Read the next packet.\n res = recv(socket:soc, length:24);\n if (res == NULL) exit(0);\n \n if (\n # the response length is 24 and...\n strlen(res) == 24 &&\n # it starts with our \"magic\" and ...\n stridx(res, magic) == 0 && \n # the second dword is 0xff\n getdword(blob:res, pos:8) == 0xFF\n )\n {\n # Register and report the service.\n register_service(port:port, ipproto:\"tcp\", proto:\"lgserver\");\n security_note(port);\n }\n}\n", "title": "ARCserve Backup for Laptops & Desktops Server Detection", "type": "nessus", "viewCount": 3}, "differentElements": ["description"], "edition": 3, "lastseen": "2017-10-29T13:35:45"}], "edition": 4, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "7b8d2114ec91311d854e21e2699d5b85"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "8cd4821cb504d25572038ed182587d85"}, {"key": "description", "hash": "b1c8611d4318995aae604ce4b72505b6"}, {"key": "href", "hash": "5245d18ae1fda78069b85048e9dadd19"}, {"key": "modified", "hash": "ba7ca754b44869dae389b89ab1086045"}, {"key": "naslFamily", "hash": "a3d3c73c01505d0383b007174b5bb5ac"}, {"key": "pluginID", "hash": "e1e3e4b7d027be780bcfa295e223fa37"}, {"key": "published", "hash": "77c9572deefee9b70523a0ad5cedd387"}, {"key": "references", "hash": "1fbde17c1c4321ae0d4342a8c0b317e1"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "e4ee008d3a26457b7028b697732f61b6"}, {"key": "title", "hash": "1cd24477ded4a74da2487283cc2028af"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "ac33d7a006bd5811968723e4e83892af5eb813e7bbabc34951f4161cd53f0ea7", "viewCount": 3, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}, "dependencies": {"references": [], "modified": "2019-01-16T20:07:07"}, "vulnersScore": 7.5}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(24238);\n script_version(\"$Revision: 1.10 $\");\n script_cvs_date(\"$Date: 2017/04/28 14:01:58 $\");\n\n script_name(english:\"ARCserve Backup for Laptops & Desktops Server Detection\");\n script_summary(english:\"Detects an ARCserve Backup for Laptops & Desktops Server\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"There is a backup service running on the remote host.\");\n script_set_attribute(attribute:\"description\", value:\n\"BrightStor ARCserve Backup for Laptops & Desktops Server / BrightStor\nMobile Backup Server, an enterprise class backup solution for remote\nand mobile Windows-based PCs, is installed on the remote host. And\nthe service listening on this port is used by clients to backup and\nrestore files.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.ca.com/us.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Limit incoming traffic to this port if desired.\");\n script_set_attribute(attribute:\"risk_factor\", value:\"None\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/01/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:ca:brightstor_arcserve_backup_laptops_desktops\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Service detection\");\n\n script_copyright(english:\"This script is Copyright (C) 2007-2017 Tenable Network Security, Inc.\");\n\n script_dependencies(\"find_service1.nasl\");\n script_require_ports(\"Services/unknown\", 2200);\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"byte_func.inc\");\n\n\nif (thorough_tests && ! get_kb_item(\"global_settings/disable_service_discovery\") )\n{\n port = get_unknown_svc(2200);\n if (!port) exit(0);\n}\nelse port = 2200;\nif (known_service(port:port)) exit(0);\nif (!get_tcp_port_state(port)) exit(0);\n\n\nsoc = open_sock_tcp(port);\nif (!soc) exit(0);\n\n\n# Probe the service.\nset_byte_order(BYTE_ORDER_LITTLE_ENDIAN);\nmagic = mkdword(0x1b2c3d4e);\n\nreq = magic + crap(data:mkbyte(0), length:256);\nsend(socket:soc, data:req);\n\nres = recv(socket:soc, length:24);\nif (res == NULL) exit(0);\n\n\n# If ...\nif (\n # the response length is 24 and...\n strlen(res) == 24 &&\n # it starts with our \"magic\" and ...\n stridx(res, magic) == 0 && \n # the second dword is 0xfe\n getdword(blob:res, pos:8) == 0xFE\n)\n{\n # Read the next packet.\n res = recv(socket:soc, length:24);\n if (res == NULL) exit(0);\n \n if (\n # the response length is 24 and...\n strlen(res) == 24 &&\n # it starts with our \"magic\" and ...\n stridx(res, magic) == 0 && \n # the second dword is 0xff\n getdword(blob:res, pos:8) == 0xFF\n )\n {\n # Register and report the service.\n register_service(port:port, ipproto:\"tcp\", proto:\"lgserver\");\n security_note(port);\n }\n}\n", "naslFamily": "Service detection", "pluginID": "24238", "cpe": ["cpe:/a:ca:brightstor_arcserve_backup_laptops_desktops"]}