recog 0.01

data/xml/nntp_banners.xml

@@ -0,0 +1,51 @@
+<?xml version="1.0"?>
+<!--
+NNTP greeting messages (part of the banner after the response code) are matched
+against these patterns to fingerprint NNTP servers.
+-->
+
+<fingerprints matches="nntp.banner">
+   <fingerprint pattern="^NNTP Service (?:.*) Version: (5.0.2195.[0-9]+) .*$">
+      <example>NNTP Service 5.00.0984 Version: 5.0.2195.7034 Posting Allowed</example>
+      <example>NNTP Service 5.00.0984 Version: 5.0.2195.5329 Posting Allowed</example>
+      <description>Microsoft IIS NNTP Server on Windows 2000</description>
+      <param pos="0" name="service.vendor" value="Microsoft"/>
+      <param pos="0" name="service.product" value="IIS"/>
+      <param pos="0" name="service.family" value="IIS"/>
+      <param pos="1" name="service.version"/>
+      <param pos="0" name="os.vendor" value="Microsoft"/>
+      <param pos="0" name="os.device" value="General"/>
+      <param pos="0" name="os.family" value="Windows"/>
+      <param pos="0" name="os.product" value="Windows 2000"/>
+      <param pos="1" name="ms.nttp.version"/>
+   </fingerprint>
+
+   <fingerprint pattern="^NNTP Service (?:.*) Version: (6.0.3790.[0-9]+) .*$">
+     <example>NNTP Service 6.0.3790.3959 Version: 6.0.3790.3959 Posting Allowed</example>
+      <example>NNTP Service 6.0.3790.206 Version: 6.0.3790.206 Posting Allowed</example>
+      <description>Microsoft IIS NNTP Server on Windows Server 2003</description>
+      <param pos="0" name="service.vendor" value="Microsoft"/>
+      <param pos="0" name="service.product" value="IIS"/>
+      <param pos="0" name="service.family" value="IIS"/>
+      <param pos="1" name="service.version"/>
+      <param pos="0" name="os.vendor" value="Microsoft"/>
+      <param pos="0" name="os.device" value="General"/>
+      <param pos="0" name="os.family" value="Windows"/>
+      <param pos="0" name="os.product" value="Windows Server 2003"/>
+      <param pos="1" name="ms.nttp.version"/>
+   </fingerprint>
+
+   <fingerprint pattern="^NNTP Service Microsoft. Internet Services (?:.*) Version: (?:[^ ]+) .*$">
+      <example>NNTP Service Microsoft. Internet Services 5.00 Version: 5.0.2068.0 Posting Allowed</example>
+      <example>NNTP Service Microsoft. Internet Services 5.00.7515. Version: 5.0.0.7515 Posting Allowed</example>
+      <example>NNTP Service Microsoft. Internet Services 5.5 Version: 5.5.1726.0 Posting Allowed</example>
+      <description>Older Microsoft IIS NNTP Servers</description>
+      <param pos="0" name="service.vendor" value="Microsoft"/>
+      <param pos="0" name="service.family" value="Exchange Server"/>
+      <param pos="0" name="service.product" value="Exchange Server"/>
+      <param pos="0" name="os.vendor" value="Microsoft"/>
+      <param pos="0" name="os.device" value="General"/>
+      <param pos="0" name="os.family" value="Windows"/>
+      <param pos="0" name="os.product" value="Windows"/>
+   </fingerprint>
+</fingerprints>

data/xml/ntp_banners.xml

@@ -0,0 +1,538 @@
+<?xml version="1.0"?>
+<!--
+NTP "banners", taken from a readvar response
+-->
+<fingerprints matches="ntp.readvar">
+  <fingerprint pattern="^.*version=&quot;ntpd (\S+)[^&quot;]+&quot;,.*system=&quot;Equallogic \(R\) storage array&quot;" flags="REG_DOT_NEWLINE,REG_ICASE">
+    <description>ntpd running on an EqualLogic Storage Array that includes the NTP version</description>
+    <example>
+      version="ntpd 4.2.0-r Fri Feb  5 15:18:30 EST 2010 (1)",
+      processor="Working", system="EqualLogic (R) storage array", leap=0,
+      stratum=3, precision=-7, rootdelay=102.894, rootdispersion=245.154,
+      peer=63940, refid=172.23.16.40, reftime=0xd22791f2.e4026bd4, poll=10,
+      clock=0xd2279937.d078b9f3, state=4, offset=8.644, frequency=39.586,
+      jitter=10.870, stability=0.795
+    </example>
+    <param pos="0" name="service.family" value="NTP"/>
+    <param pos="0" name="service.product" value="NTP"/>
+    <param pos="1" name="service.version"/>
+    <param pos="0" name="os.vendor" value="EqualLogic"/>
+    <param pos="0" name="os.product" value="Storage Array"/>
+  </fingerprint>
+  <fingerprint pattern="^.*system=&quot;Equallogic \(R\) storage array&quot;" flags="REG_DOT_NEWLINE,REG_ICASE">
+    <description>ntpd running on an EqualLogic Storage Array that does not include the NTP version</description>
+    <example>
+      processor="Working", system="Equallogic (R) storage array", leap=3,
+      stratum=16, precision=-7, rootdelay=0.000, rootdispersion=11715.765,
+      peer=0, refid=0.0.0.0, reftime=0x00000000.00000000, poll=6,
+      clock=0xd229efe1.5559b3d0, state=1, phase=0.000, frequency=0.000,
+      jitter=0.000, stability=0.000
+    </example>
+    <param pos="0" name="os.vendor" value="EqualLogic"/>
+    <param pos="0" name="os.product" value="Storage Array"/>
+  </fingerprint>
+  <fingerprint pattern="^.*version=&quot;ntpd ([^ ]+)[^&quot;]+&quot;,.*processor=&quot;([^ ]+)&quot;,.*system=&quot;Linux/?([^ ]+)&quot;" flags="REG_DOT_NEWLINE,REG_ICASE">
+    <description>ntpd running on Linux</description>
+    <example>
+      version="ntpd 4.2.4p3@1.1502-o Wed Jul 18 11:45:01 UTC 2007 (1)",
+      processor="i686", system="Linux/2.4.29", leap=00, stratum=3,
+    </example>
+    <param pos="0" name="service.family" value="NTP"/>
+    <param pos="0" name="service.product" value="NTP"/>
+    <param pos="1" name="service.version"/>
+    <param pos="0" name="os.vendor" value="Linux"/>
+    <param pos="0" name="os.family" value="Linux"/>
+    <param pos="0" name="os.product" value="Linux"/>
+    <param pos="2" name="os.arch"/>
+    <param pos="3" name="os.version"/>
+  </fingerprint>
+  <fingerprint pattern="^.*version=&quot;ntpd ([^ ]+)[^&quot;]+&quot;,.*processor=&quot;([^&quot;]+)&quot;,.*system=&quot;Darwin/?7\.([^&quot;]+)&quot;" flags="REG_DOT_NEWLINE,REG_ICASE">
+    <description>ntpd running on Mac OSX 10.3/Panther</description>
+    <param pos="0" name="service.family" value="NTP"/>
+    <param pos="0" name="service.product" value="NTP"/>
+    <param pos="1" name="service.version"/>
+    <param pos="0" name="os.vendor" value="Apple"/>
+    <param pos="0" name="os.family" value="Mac OS X"/>
+    <param pos="0" name="os.product" value="Mac OS X"/>
+    <param pos="0" name="os.device" value="General"/>
+    <param pos="2" name="os.arch"/>
+    <param pos="0" name="os.version" value="10.3"/>
+    <param pos="3" name="os.version.version"/>
+    <param pos="0" name="os.certainty" value="0.9"/>
+  </fingerprint>
+  <fingerprint pattern="^.*version=&quot;ntpd ([^ ]+)[^&quot;]+&quot;,.*processor=&quot;([^&quot;]+)&quot;,.*system=&quot;Darwin/?8\.([^&quot;]+)&quot;" flags="REG_DOT_NEWLINE,REG_ICASE">
+    <description>ntpd running on Mac OSX 10.4/Tiger</description>
+    <example>
+      version="ntpd 4.2.0@1.1161-r Fri Jan 13 11:36:23 PST 2006 (1)",
+      processor="i386", system="Darwin/8.11.1", leap=11, stratum=16,
+    </example>
+    <param pos="0" name="service.family" value="NTP"/>
+    <param pos="0" name="service.product" value="NTP"/>
+    <param pos="1" name="service.version"/>
+    <param pos="0" name="os.vendor" value="Apple"/>
+    <param pos="0" name="os.family" value="Mac OS X"/>
+    <param pos="0" name="os.product" value="Mac OS X"/>
+    <param pos="0" name="os.device" value="General"/>
+    <param pos="2" name="os.arch"/>
+    <param pos="0" name="os.version" value="10.4"/>
+    <param pos="3" name="os.version.version"/>
+    <param pos="0" name="os.certainty" value="0.9"/>
+  </fingerprint>
+  <fingerprint pattern="^.*version=&quot;ntpd ([^ ]+)[^&quot;]+&quot;,.*processor=&quot;([^&quot;]+)&quot;,.*system=&quot;Darwin/?9\.([^&quot;]+)&quot;" flags="REG_DOT_NEWLINE,REG_ICASE">
+    <description>ntpd running on Mac OSX 10.5/Leopard</description>
+    <example>
+      version="ntpd 4.2.2@1.1532-o Mon Sep 24 01:42:27 UTC 2007 (1)",
+      processor="Power Macintosh", system="Darwin/9.0.0", leap=3, stratum=16,
+    </example>
+    <param pos="0" name="service.family" value="NTP"/>
+    <param pos="0" name="service.product" value="NTP"/>
+    <param pos="1" name="service.version"/>
+    <param pos="0" name="os.vendor" value="Apple"/>
+    <param pos="0" name="os.family" value="Mac OS X"/>
+    <param pos="0" name="os.product" value="Mac OS X"/>
+    <param pos="0" name="os.device" value="General"/>
+    <param pos="2" name="os.arch"/>
+    <param pos="0" name="os.version" value="10.5"/>
+    <param pos="3" name="os.version.version"/>
+    <param pos="0" name="os.certainty" value="0.9"/>
+  </fingerprint>
+  <fingerprint pattern="^.*version=&quot;ntpd ([^ ]+)[^&quot;]+&quot;,.*processor=&quot;([^&quot;]+)&quot;,.*system=&quot;Darwin/?10\.([^&quot;]+)&quot;" flags="REG_DOT_NEWLINE,REG_ICASE">
+    <description>ntpd running on Mac OSX 10.6/Snow Leopard</description>
+    <example>
+      version="ntpd 4.2.4p4@1.1520-o Mon May 18 19:38:25 UTC 2009 (1)",
+      processor="i386", system="Darwin/10.8.0", leap=0, stratum=3,
+    </example>
+    <param pos="0" name="service.family" value="NTP"/>
+    <param pos="0" name="service.product" value="NTP"/>
+    <param pos="1" name="service.version"/>
+    <param pos="0" name="os.vendor" value="Apple"/>
+    <param pos="0" name="os.family" value="Mac OS X"/>
+    <param pos="0" name="os.product" value="Mac OS X"/>
+    <param pos="0" name="os.device" value="General"/>
+    <param pos="2" name="os.arch"/>
+    <param pos="0" name="os.version" value="10.6"/>
+    <param pos="3" name="os.version.version"/>
+    <param pos="0" name="os.certainty" value="0.9"/>
+  </fingerprint>
+  <fingerprint pattern="^.*version=&quot;ntpd ([^ ]+)[^&quot;]+&quot;,.*processor=&quot;([^&quot;]+)&quot;,.*system=&quot;Darwin/?11\.([^&quot;]+)&quot;" flags="REG_DOT_NEWLINE,REG_ICASE">
+    <description>ntpd running on Mac OSX 10.7/Lion</description>
+    <example>
+      version="ntpd 4.2.6@1.2089-o Fri May 28 01:20:53 UTC 2010 (1)",
+      processor="x86_64", system="Darwin/11.2.0", leap=11, stratum=16,
+    </example>
+    <param pos="0" name="service.family" value="NTP"/>
+    <param pos="0" name="service.product" value="NTP"/>
+    <param pos="1" name="service.version"/>
+    <param pos="0" name="os.vendor" value="Apple"/>
+    <param pos="0" name="os.family" value="Mac OS X"/>
+    <param pos="0" name="os.product" value="Mac OS X"/>
+    <param pos="0" name="os.device" value="General"/>
+    <param pos="2" name="os.arch"/>
+    <param pos="0" name="os.version" value="10.7"/>
+    <param pos="3" name="os.version.version"/>
+    <param pos="0" name="os.certainty" value="0.9"/>
+  </fingerprint>
+  <fingerprint pattern="^.*version=&quot;ntpd ([^ ]+)[^&quot;]+&quot;,.*processor=&quot;([^ ]+)&quot;,.*system=&quot;FreeBSD/?(?:[^ ]+-NETSCALER-([^ ]+))&quot;" flags="REG_DOT_NEWLINE,REG_ICASE">
+    <description>ntpd running on Citrix Netscaler, which is based on FreeBSD</description>
+    <example>
+      version="ntpd 4.2.6p2@1.2194 Wed Nov 24 15:54:11 UTC 2010 (1)",
+      processor="i386", system="FreeBSD/6.3-NETSCALER-9.3", leap=00, stratum=3,
+    </example>
+    <param pos="0" name="service.family" value="NTP"/>
+    <param pos="0" name="service.product" value="NTP"/>
+    <param pos="1" name="service.version"/>
+    <param pos="0" name="os.vendor" value="Citrix"/>
+    <param pos="0" name="os.product" value="NetScaler"/>
+    <param pos="2" name="os.arch"/>
+    <param pos="3" name="os.version"/>
+  </fingerprint>
+  <fingerprint pattern="^.*version=&quot;ntpd ([^ ]+)[^&quot;]+&quot;,.*processor=&quot;([^ ]+)&quot;,.*system=&quot;FreeBSD/?([^ ]+)&quot;" flags="REG_DOT_NEWLINE,REG_ICASE">
+    <description>ntpd running on FreeBSD</description>
+    <example>
+      version="ntpd 4.2.6p2@1.2194 Wed Nov 24 15:54:11 UTC 2010 (1)",
+      processor="i386", system="FreeBSD/7.4-PRERELEASE", leap=00, stratum=3,
+    </example>
+    <param pos="0" name="service.family" value="NTP"/>
+    <param pos="0" name="service.product" value="NTP"/>
+    <param pos="1" name="service.version"/>
+    <param pos="0" name="os.vendor" value="FreeBSD"/>
+    <param pos="0" name="os.family" value="FreeBSD"/>
+    <param pos="0" name="os.product" value="FreeBSD"/>
+    <param pos="2" name="os.arch"/>
+    <param pos="3" name="os.version"/>
+  </fingerprint>
+  <fingerprint pattern="^.*version=&quot;ntpd ([^ ]+)[^&quot;]+&quot;,.*processor=&quot;([^ ]+)&quot;,.*system=&quot;NetBSD/?([^ ]+)&quot;" flags="REG_DOT_NEWLINE,REG_ICASE">
+    <description>ntpd running on NetBSD</description>
+    <example>
+      version="ntpd 4.2.4p6-o Thu Jan  8 21:02:40 MET 2009 (import)",
+      processor="sparc64", system="NetBSD/5.0_STABLE", leap=00, stratum=1,
+    </example>
+    <param pos="0" name="service.family" value="NTP"/>
+    <param pos="0" name="service.product" value="NTP"/>
+    <param pos="1" name="service.version"/>
+    <param pos="0" name="os.vendor" value="NetBSD"/>
+    <param pos="0" name="os.family" value="NetBSD"/>
+    <param pos="0" name="os.product" value="NetBSD"/>
+    <param pos="2" name="os.arch"/>
+    <param pos="3" name="os.version"/>
+  </fingerprint>
+  <fingerprint pattern="^.*version=&quot;ntpd ([^ ]+)[^&quot;]+&quot;,.*processor=&quot;([^ ]+)&quot;,.*system=&quot;SunOS/?([^ ]+)&quot;" flags="REG_DOT_NEWLINE,REG_ICASE">
+    <description>ntpd running on Solaris</description>
+    <example>
+      version="ntpd 4.2.0@1.1161-r Wed Apr 20 11:28:05 EDT 2005 (1)",
+      processor="sun4u", system="SunOS/5.9", leap=00, stratum=2,
+    </example>
+    <param pos="0" name="os.vendor" value="Sun"/>
+    <param pos="0" name="os.family" value="Solaris"/>
+    <param pos="0" name="os.product" value="Solaris"/>
+    <param pos="0" name="service.family" value="NTP"/>
+    <param pos="0" name="service.product" value="NTP"/>
+    <param pos="1" name="service.version"/>
+    <param pos="2" name="os.arch"/>
+    <param pos="3" name="os.version"/>
+  </fingerprint>
+  <fingerprint pattern="^.*version=&quot;ntpd ([^ ]+)[^&quot;]+&quot;,.*processor=&quot;([^ ]+)&quot;,.*system=&quot;JUNOS/?([^ ]+)&quot;" flags="REG_DOT_NEWLINE,REG_ICASE">
+    <description>ntpd running on Juniper/Netscreen JunOS</description>
+    <example>
+      version="ntpd 4.2.0-a Wed Aug 12 04:22:47 UTC 2009 (1)",
+      processor="i386", system="JUNOS9.3R4.4", leap=11, stratum=16,
+    </example>
+    <param pos="0" name="os.vendor" value="Juniper"/>
+    <param pos="0" name="os.family" value="JUNOS"/>
+    <param pos="0" name="os.product" value="JUNOS"/>
+    <param pos="0" name="service.family" value="NTP"/>
+    <param pos="0" name="service.product" value="NTP"/>
+    <param pos="1" name="service.version"/>
+    <param pos="2" name="os.arch"/>
+    <param pos="3" name="os.version"/>
+  </fingerprint>
+  <fingerprint pattern="^.*version=&quot;ntpd ([^ ]+)[^&quot;]+&quot;,.*processor=&quot;([^ ]+)&quot;,.*system=&quot;Windows/?([^ ]+)?&quot;" flags="REG_DOT_NEWLINE,REG_ICASE">
+    <description>ntpd running on Windows</description>
+    <example>
+      version="ntpd 4.2.4p7@copenhagen-o May 22 11:25:36 (UTC+02:00) 2009  (3)",
+      processor="x86", system="Windows", leap=00, stratum=2, precision=-19,
+    </example>
+    <example>
+      version="ntpd 4.2.4p4@1.1520-modena-o Dec 05 9:35:28 (UTC+01:00) 2007  (11)",
+      processor="unknown", system="WINDOWS/NT", leap=00, stratum=2,
+    </example>
+    <param pos="0" name="service.family" value="NTP"/>
+    <param pos="0" name="service.product" value="NTP"/>
+    <param pos="1" name="service.version"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.family" value="Windows"/>
+    <param pos="0" name="os.product" value="Windows"/>
+    <param pos="2" name="os.arch"/>
+    <param pos="3" name="os.version"/>
+  </fingerprint>
+  <fingerprint pattern="^.*version=&quot;ntpd ([^ ]+)[^&quot;]+&quot;,.*processor=&quot;([^ ]+)&quot;,.*system=&quot;HP-UX/?([^ ]+)?&quot;" flags="REG_DOT_NEWLINE,REG_ICASE">
+    <description>ntpd running on HP-UX</description>
+    <example>
+      version="ntpd 4.2.2@1.1532-o Wed Sep  6 16:49:43 EDT 2006 (2)",
+      processor="9000/800", system="HP-UX/B.11.11", leap=00, stratum=1,
+    </example>
+    <param pos="0" name="service.family" value="NTP"/>
+    <param pos="0" name="service.product" value="NTP"/>
+    <param pos="1" name="service.version"/>
+    <param pos="0" name="os.vendor" value="HP"/>
+    <param pos="0" name="os.family" value="HP-UX"/>
+    <param pos="0" name="os.product" value="HP-UX"/>
+    <param pos="2" name="os.arch"/>
+    <param pos="3" name="os.version"/>
+  </fingerprint>
+  <fingerprint pattern="^.*version=&quot;ntpd ([^ ]+)[^&quot;]+&quot;,.*processor=&quot;[^ ]+&quot;,.*system=&quot;([^ ]+)-hp-hpux([^ ]+)&quot;" flags="REG_DOT_NEWLINE,REG_ICASE">
+    <description>ntpd running on HP-UX, where the processor is in the 'system' variable</description>
+    <example>
+      version="ntpd 4.2.5p154@1.1802 Tue Mar 22 22:09:00 UTC 2011 (39)",
+      processor="unknown", system="ia64-hp-hpux11.31", leap=00, stratum=1,
+    </example>
+    <param pos="0" name="service.family" value="NTP"/>
+    <param pos="0" name="service.product" value="NTP"/>
+    <param pos="1" name="service.version"/>
+    <param pos="0" name="os.vendor" value="HP"/>
+    <param pos="0" name="os.family" value="HP-UX"/>
+    <param pos="0" name="os.product" value="HP-UX"/>
+    <param pos="2" name="os.arch"/>
+    <param pos="3" name="os.version"/>
+  </fingerprint>
+  <fingerprint pattern="^.*version=&quot;ntpd ([^ ]+)[^&quot;]+&quot;,.*processor=&quot;([^ ]+)&quot;,.*system=&quot;VMkernel/?([^ ]+)?&quot;" flags="REG_DOT_NEWLINE,REG_ICASE">
+    <description>ntpd running on VMware ESXi</description>
+    <example>
+      version="ntpd 4.2.4p6@1.1495 Wed Sep 22 02:33:15 UTC 2010 (1)",
+      processor="x86_64", system="VMkernel/4.1.0", leap=11, stratum=16,
+    </example>
+    <param pos="0" name="service.family" value="NTP"/>
+    <param pos="0" name="service.product" value="NTP"/>
+    <param pos="1" name="service.version"/>
+    <param pos="0" name="os.vendor" value="VMware"/>
+    <param pos="0" name="os.family" value="VMware ESX/ESXi"/>
+    <param pos="0" name="os.product" value="VMware ESXi Server"/>
+    <param pos="2" name="os.arch"/>
+    <param pos="3" name="os.version"/>
+  </fingerprint>
+  <fingerprint pattern=".*processor=&quot;([^ ]+)&quot;,.*system=&quot;OSF1/?([^ ]+)&quot;" flags="REG_DOT_NEWLINE,REG_ICASE">
+    <description>ntpd running on OSF/1</description>
+    <example>
+      processor="alpha", system="OSF1V4.0", leap=00, stratum=1, precision=-18,
+    </example>
+    <param pos="0" name="service.family" value="NTP"/>
+    <param pos="0" name="service.product" value="NTP"/>
+    <param pos="0" name="os.vendor" value="DEC"/>
+    <param pos="0" name="os.product" value="OSF/1"/>
+    <param pos="2" name="os.version"/>
+    <param pos="1" name="os.arch"/>
+  </fingerprint>
+  <fingerprint pattern="^.*system=&quot;Linux&quot;" flags="REG_DOT_NEWLINE,REG_ICASE">
+    <description>Linux with NTP enabled, no processor/version</description>
+    <example>
+      system="Linux", leap=00, stratum=2, rootdelay=6.480,
+    </example>
+    <param pos="0" name="os.vendor" value="Linux"/>
+    <param pos="0" name="os.family" value="Linux"/>
+    <param pos="0" name="os.product" value="Linux"/>
+    <param pos="0" name="service.family" value="NTP"/>
+    <param pos="0" name="service.product" value="NTP"/>
+  </fingerprint>
+  <fingerprint pattern="^.*system=&quot;UNIX/AIX&quot;" flags="REG_DOT_NEWLINE,REG_ICASE">
+    <description>AIX with NTP enabled, no processor/version</description>
+    <example>
+      system="UNIX/AIX", leap=00, stratum=3, rootdelay=2.000,
+    </example>
+    <param pos="0" name="os.vendor" value="IBM"/>
+    <param pos="0" name="os.family" value="AIX"/>
+    <param pos="0" name="os.product" value="AIX"/>
+    <param pos="0" name="service.family" value="NTP"/>
+    <param pos="0" name="service.product" value="NTP"/>
+    <param pos="0" name="service.vendor" value="IBM"/>
+  </fingerprint>
+  <fingerprint pattern="^.*system=&quot;SunOS&quot;" flags="REG_DOT_NEWLINE,REG_ICASE">
+    <description>Solaris with NTP enabled, no processor/version</description>
+    <example>
+      system="SunOS", leap=00, stratum=1, rootdelay=0.000,
+    </example>
+    <param pos="0" name="os.vendor" value="Sun"/>
+    <param pos="0" name="os.family" value="Solaris"/>
+    <param pos="0" name="os.product" value="Solaris"/>
+    <param pos="0" name="service.family" value="NTP"/>
+    <param pos="0" name="service.product" value="NTP"/>
+    <param pos="0" name="service.vendor" value="Solaris"/>
+  </fingerprint>
+  <fingerprint pattern="^.*system=&quot;cisco&quot;" flags="REG_DOT_NEWLINE,REG_ICASE">
+    <description>Cisco IOS with NTP enabled</description>
+    <example>
+      system="cisco", leap=00, stratum=2, rootdelay=39.900,
+    </example>
+    <param pos="0" name="os.vendor" value="Cisco"/>
+    <param pos="0" name="os.family" value="IOS"/>
+    <param pos="0" name="os.product" value="IOS"/>
+    <param pos="0" name="service.family" value="NTP"/>
+    <param pos="0" name="service.product" value="NTP"/>
+    <param pos="0" name="service.vendor" value="Cisco"/>
+  </fingerprint>
+  <fingerprint pattern="^.*system=&quot;Data ONTAP/+(\S+)&quot;.*$" flags="REG_DOT_NEWLINE,REG_ICASE">
+    <description>NetApp file servers</description>
+    <example>
+      system="Data ONTAP/8.1RC2"
+    </example>
+    <param pos="0" name="os.vendor" value="NetApp"/>
+    <param pos="0" name="os.family" value="Data ONTAP"/>
+    <param pos="0" name="os.product" value="Data ONTAP"/>
+    <param pos="0" name="os.device" value="File server"/>
+    <param pos="1" name="os.version"/>
+  </fingerprint>
+  <fingerprint pattern="system=&quot;UNIX/HPUX&quot;" flags="REG_ICASE">
+    <description>Generic HPUX</description>
+    <example>
+      system="UNIX/HPUX", leap=0, stratum=3, rootdelay=1.16,
+      rootdispersion=1.89, peer=52828, refid=A.B.C.D,
+      reftime=0xd2ec64af.5cca1000, poll=10, clock=0xd2ec6545.46514000,
+      phase=-1.080, freq=-2231.51, error=0.40
+    </example>
+    <param pos="0" name="os.vendor" value="HP"/>
+    <param pos="0" name="os.family" value="HP-UX"/>
+    <param pos="0" name="os.product" value="HP-UX"/>
+  </fingerprint>
+  <fingerprint pattern="system=&quot;UNIX&quot;" flags="REG_ICASE" certainty="0.5">
+    <description>Generic UNIX</description>
+    <example>
+      version="4", processor="unknown", system="UNIX", leap=0, stratum=2,
+    </example>
+    <param pos="0" name="os.family" value="UNIX"/>
+    <param pos="0" name="os.product" value="UNIX"/>
+  </fingerprint>
+  <fingerprint pattern="system=&quot;VxWorks&quot;" flags="REG_ICASE">
+    <description>Generic VxWorks</description>
+    <example>
+      system="VxWorks", leap=0, stratum=8, rootdelay=63.74,
+      rootdispersion=151.29, peer=65508, refid=192.168.2.100,
+      reftime=0xd4747c5c.5851f000, poll=6, clock=0xd4747c6d.31206000,
+      phase=4.131, freq=18961.38, compliance=0
+    </example>
+    <param pos="0" name="os.vendor" value="Wind River"/>
+    <param pos="0" name="os.product" value="VxWorks"/>
+  </fingerprint>
+  <fingerprint pattern="system=&quot;UNIX/(Unixware([^ ]+))&quot;" flags="REG_ICASE">
+    <description>Add support for SCO Unixware NTP</description>
+    <example>
+      system="UNIX/Unixware2", leap=3, stratum=16, rootdelay=0.00,
+      rootdispersion=0.00, peer=0, refid=0.0.0.0, reftime=0x00000000.00000000,
+      poll=4, clock=0xd1d874b7.051ec000, phase=0.000, freq=0.00, error=0.00
+    </example>
+    <param pos="0" name="service.family" value="NTP"/>
+    <param pos="0" name="service.product" value="NTP"/>
+    <param pos="0" name="os.vendor" value="SCO"/>
+    <param pos="1" name="os.product"/>
+  </fingerprint>
+  <fingerprint pattern="^.*version=&quot;ntpd ([^ ]+)[^&quot;]+&quot;,.*\s*processor=&quot;([^ ]+)&quot;,.*system=&quot;SecureOS/([^ ]+)&quot;" flags="REG_DOT_NEWLINE,REG_ICASE">
+    <description>McAfee Network Firewall Enterprise NTP (SecureOS)</description>
+    <example>
+      version="ntpd 4.2.0-r Thu Aug 11 12:41:19 CDT 2005 (1)",
+      processor="i386", system="SecureOS/7.0.1.00", leap=0, stratum=3,
+      precision=-19, rootdelay=27.044, rootdispersion=87.845, peer=2357,
+      refid=A.B.C.D, reftime=0xd2636966.fd61b098, poll=10,
+      clock=0xd2636c8e.d5e2d427, state=4, offset=0.519, frequency=-3.027,
+      jitter=5.132, stability=0.394
+    </example>
+    <example>
+      version="ntpd 4.2.0-r Thu Aug 11 12:41:19 CDT 2005 (1)",
+      processor="i386", system="SecureOS/7.0.0.04", leap=0, stratum=2,
+      precision=-19, rootdelay=56.480, rootdispersion=35.772, peer=8677,
+      refid=A.B.C.D, reftime=0xd260ce25.8f9e2b59, poll=10,
+      clock=0xd260cf6c.7e0f1646, state=4, offset=-0.129, frequency=8.718,
+      jitter=0.548, stability=0.055
+    </example>
+    <param pos="0" name="service.family" value="NTP"/>
+    <param pos="0" name="service.product" value="NTP"/>
+    <param pos="0" name="os.vendor" value="McAfee"/>
+    <param pos="0" name="os.product" value="SecureOS"/>
+    <param pos="1" name="service.version"/>
+    <param pos="2" name="os.arch"/>
+    <param pos="3" name="os.version"/>
+  </fingerprint>
+  <fingerprint pattern="^.*processor=&quot;([^ ]+)&quot;.*system=&quot;Linux([^ ]+)&quot;" flags="REG_DOT_NEWLINE,REG_ICASE">
+    <description>ntpd running on linux</description>
+    <example>
+      processor="i686", system="Linux2.6.10", leap=0, stratum=2,
+      precision=-17, rootdelay=44.644, rootdispersion=29.933, peer=13317,
+      refid=A.B.C.D, reftime=0xd2c29f69.407570c5, poll=10,
+      clock=0xd2c2a335.360999dc, state=4, phase=1.037, frequency=55.898,
+      jitter=0.203, stability=0.004
+    </example>
+    <example>
+      processor="i686", system="Linux2.6.23.waas", leap=0, stratum=2,
+      precision=-18, rootdelay=37.550, rootdispersion=427.047, peer=40613,
+      refid=172.20.62.191, reftime=0xd297a442.8b66c6de, poll=14,
+      clock=0xd297d4bf.4a69be09, state=4, phase=2.927, frequency=25.968,
+      jitter=3.460, stability=0.043
+    </example>
+    <param pos="0" name="service.family" value="NTP"/>
+    <param pos="0" name="service.product" value="NTP"/>
+    <param pos="0" name="os.vendor" value="Linux"/>
+    <param pos="0" name="os.family" value="Linux"/>
+    <param pos="0" name="os.product" value="Linux"/>
+    <param pos="0" name="os.certainty" value="0.75"/>
+    <param pos="1" name="os.arch"/>
+    <param pos="2" name="os.version"/>
+  </fingerprint>
+  <fingerprint pattern=".*version=&quot;ntpd (\S+)[^&quot;]+&quot;,.*\s*processor=&quot;([^ ]+)&quot;.*system=&quot;Isilon OneFS/v([^ ]+)&quot;" flags="REG_DOT_NEWLINE,REG_ICASE">
+    <description>Isilon OneFS NTP Server</description>
+    <example>
+      version="ntpd 4.2.4p4-o Thu Feb  4 20:43:00 UTC 2010 (1)",
+      processor="i386", system="Isilon OneFS/v5.5.4.21", leap=0, stratum=14,
+      precision=-19, rootdelay=0.000, rootdispersion=11.260, peer=60044,
+      refid=A.B.C.D, reftime=0xd2c1c806.b32bca4f, poll=10,
+      clock=0xd2c1c81b.d2869541, state=4, offset=0.000, frequency=-9.100,
+      jitter=0.002, noise=0.002, stability=0.000, tai=0
+    </example>
+    <param pos="0" name="service.family" value="NTP"/>
+    <param pos="0" name="service.product" value="NTP"/>
+    <param pos="0" name="os.vendor" value="Isilon"/>
+    <param pos="0" name="os.product" value="OneFS"/>
+    <param pos="1" name="service.version"/>
+    <param pos="2" name="os.arch"/>
+    <param pos="3" name="os.version"/>
+  </fingerprint>
+  <fingerprint pattern="system=&quot;IPSO&quot;" flags="REG_DOT_NEWLINE,REG_ICASE">
+    <description>Nokia IPSO NTP</description>
+    <example>
+      system="IPSO", leap=3, stratum=16, rootdelay=0.00, rootdispersion=0.00,
+      peer=0, refid=0.0.0.0, reftime=0x00000000.00000000, poll=4,
+      clock=0xd2066990.82704000, phase=0.000, freq=0.00, error=0.00
+    </example>
+    <example>
+      system="IPSO", leap=0, stratum=3, rootdelay=121.57,
+      rootdispersion=13.55, peer=29038, refid=A.B.C.D,
+      reftime=0xd1e2ab9b.ac19b000, poll=7, clock=0xd1e2abf4.b8ef1000,
+      phase=0.756, freq=27452.24, error=0.58
+    </example>
+    <param pos="0" name="service.family" value="NTP"/>
+    <param pos="0" name="service.product" value="NTP"/>
+    <param pos="0" name="os.vendor" value="Nokia"/>
+    <param pos="0" name="os.product" value="IPSO"/>
+    <param pos="0" name="os.device" value="Firewall"/>
+  </fingerprint>
+  <fingerprint pattern="system=&quot;UNIX/Solaris\s[^ ]+&quot;" flags="REG_DOT_NEWLINE,REG_ICASE">
+    <description>Sun Solaris NTP</description>
+    <example>
+      system="UNIX/Solaris 2.x", leap=3, stratum=16, rootdelay=0.00,
+      rootdispersion=0.00, peer=0, refid=0.0.0.0, reftime=0x00000000.00000000,
+      poll=4, clock=0xd23e08ab.ecd7f000, phase=0.000, freq=11392.00,
+      error=0.00
+    </example>
+    <example>
+      system="UNIX/Solaris 2.x", leap=3, stratum=16, rootdelay=0.00,
+      rootdispersion=0.00, peer=0, refid=0.0.0.0, reftime=0x00000000.00000000,
+      poll=4, clock=0xd2353ae7.7bca8000, phase=0.000, freq=11392.00,
+      error=0.00
+    </example>
+    <param pos="0" name="os.vendor" value="Sun"/>
+    <param pos="0" name="os.family" value="Solaris"/>
+    <param pos="0" name="os.product" value="Solaris"/>
+    <param pos="0" name="service.family" value="NTP"/>
+    <param pos="0" name="service.product" value="NTP"/>
+    <param pos="0" name="service.vendor" value="Sun"/>
+  </fingerprint>
+  <fingerprint pattern="version=&quot;ntpd version = ([^ ]+)&quot;,\s*processor=&quot;([A-Z0-9]+)&quot;,\s*system=&quot;OpenVMS/V([A-Z0-9.-]+)" flags="REG_DOT_NEWLINE,REG_ICASE">
+    <description>OpenVMS NTP Server</description>
+    <example service.version="4.2.0" os.arch="PHMNFP" os.version="8.3">
+      version="ntpd version = 4.2.0", processor="PHMNFP",
+      system="OpenVMS/V8.3", leap=0, stratum=4, precision=-10,
+      rootdelay=56.458, rootdispersion=51.315, peer=53868, refid=A.B.C.D,
+      reftime=0xd248836a.1af277e1, poll=10, clock=0xd2488581.0790e0a1,
+      state=4, offset=-0.561, frequency=8.597, jitter=1.507, stability=0.041
+    </example>
+    <example service.version="4.2.0" os.arch="STHRN2" os.version="8.3-1H1">
+      version="ntpd version = 4.2.0", processor="STHRN2",
+      system="OpenVMS/V8.3-1H1", leap=0, stratum=3, precision=-10,
+      rootdelay=8.615, rootdispersion=80.724, peer=55037,
+      refid=A.B.C.D, reftime=0xd1aa6b0e.bc19eb3b, poll=10,
+      clock=0xd1aa6d19.d5a12600, state=4, offset=7.844, frequency=4.737,
+      jitter=2.222, stability=0.096
+    </example>
+    <param pos="0" name="service.family" value="NTP"/>
+    <param pos="0" name="service.product" value="NTP"/>
+    <param pos="0" name="os.vendor" value="OpenVMS"/>
+    <param pos="0" name="os.product" value="OpenVMS"/>
+    <param pos="1" name="service.version"/>
+    <param pos="2" name="os.arch"/>
+    <param pos="3" name="os.version"/>
+  </fingerprint>
+  <fingerprint pattern=".*version=&quot;ntpd ([^ ]+)[^&quot;]+&quot;,\s*processor=&quot;([^ ]+)&quot;,\s*system=&quot;[^ ]+.([^&quot;]+)&quot;" flags="REG_DOT_NEWLINE,REG_ICASE">
+    <description>F5 Big-IP Load Balancers NTP</description>
+    <example service.version="4.1.1a@1.791" os.arch="i386" os.version="4.5PTF-0">
+      version="ntpd 4.1.1a@1.791 Fri Aug  8 04:08:19 PDT 2003 (1)",
+      processor="i386", system="BIG-IPBIG-IP 4.5PTF-0", leap=3, stratum=16,
+      precision=-16, rootdelay=0.000, rootdispersion=103599.120, peer=0,
+      refid=0.0.0.0, reftime=0x00000000.00000000, poll=4,
+      clock=0xd20533b8.903aa79b, state=1, offset=0.000, frequency=0.000,
+      jitter=0.015, stability=0.000
+    </example>
+    <param pos="0" name="service.family" value="NTP"/>
+    <param pos="0" name="service.product" value="NTP"/>
+    <param pos="0" name="os.vendor" value="F5"/>
+    <param pos="0" name="os.product" value="BIG-IP"/>
+    <param pos="1" name="service.version"/>
+    <param pos="2" name="os.arch"/>
+    <param pos="3" name="os.version"/>
+  </fingerprint>
+</fingerprints>