RubyGems - recog - Versions diffs - 2.3.21 → 3.0.1 - Mend

recog 2.3.21 → 3.0.1

Files changed (120) hide show

checksums.yaml +4 -4
data/LICENSE +1 -1
data/README.md +42 -16
data/Rakefile +2 -9
data/lib/recog/db.rb +2 -1
data/lib/recog/db_manager.rb +1 -1
data/lib/recog/fingerprint.rb +33 -6
data/lib/recog/fingerprint_parse_error.rb +10 -0
data/lib/recog/verifier.rb +9 -9
data/lib/recog/verify_reporter.rb +17 -6
data/lib/recog/version.rb +1 -1
data/{bin → recog/bin}/recog_match +0 -1
data/{xml → recog/xml}/apache_modules.xml +0 -0
data/{xml → recog/xml}/apache_os.xml +98 -56
data/{xml → recog/xml}/architecture.xml +15 -1
data/recog/xml/dhcp_vendor_class.xml +206 -0
data/{xml → recog/xml}/dns_versionbind.xml +16 -13
data/{xml → recog/xml}/favicons.xml +297 -47
data/{xml → recog/xml}/fingerprints.xsd +9 -1
data/{xml → recog/xml}/ftp_banners.xml +160 -156
data/{xml → recog/xml}/h323_callresp.xml +101 -101
data/{xml → recog/xml}/hp_pjl_id.xml +84 -84
data/{xml → recog/xml}/html_title.xml +727 -34
data/{xml → recog/xml}/http_cookies.xml +160 -77
data/{xml → recog/xml}/http_servers.xml +556 -283
data/{xml → recog/xml}/http_wwwauth.xml +190 -75
data/{xml → recog/xml}/imap_banners.xml +5 -5
data/{xml → recog/xml}/ldap_searchresult.xml +0 -0
data/{xml → recog/xml}/mdns_device-info_txt.xml +389 -26
data/{xml → recog/xml}/mdns_workstation_txt.xml +0 -0
data/{xml → recog/xml}/mysql_banners.xml +1 -1
data/{xml → recog/xml}/mysql_error.xml +0 -0
data/{xml → recog/xml}/nntp_banners.xml +11 -8
data/{xml → recog/xml}/ntp_banners.xml +97 -97
data/{xml → recog/xml}/operating_system.xml +95 -80
data/{xml → recog/xml}/pop_banners.xml +23 -23
data/{xml → recog/xml}/rsh_resp.xml +3 -3
data/{xml → recog/xml}/rtsp_servers.xml +0 -0
data/{xml → recog/xml}/sip_banners.xml +43 -5
data/{xml → recog/xml}/sip_user_agents.xml +175 -27
data/{xml → recog/xml}/smb_native_lm.xml +5 -5
data/{xml → recog/xml}/smb_native_os.xml +25 -25
data/{xml → recog/xml}/smtp_banners.xml +147 -146
data/{xml → recog/xml}/smtp_debug.xml +0 -0
data/{xml → recog/xml}/smtp_ehlo.xml +1 -1
data/{xml → recog/xml}/smtp_expn.xml +0 -0
data/{xml → recog/xml}/smtp_help.xml +11 -11
data/{xml → recog/xml}/smtp_mailfrom.xml +0 -0
data/{xml → recog/xml}/smtp_noop.xml +2 -2
data/{xml → recog/xml}/smtp_quit.xml +0 -0
data/{xml → recog/xml}/smtp_rcptto.xml +0 -0
data/{xml → recog/xml}/smtp_rset.xml +0 -0
data/{xml → recog/xml}/smtp_turn.xml +0 -0
data/{xml → recog/xml}/smtp_vrfy.xml +0 -0
data/{xml → recog/xml}/snmp_sysdescr.xml +1570 -1430
data/{xml → recog/xml}/snmp_sysobjid.xml +38 -27
data/{xml → recog/xml}/ssh_banners.xml +16 -10
data/{xml → recog/xml}/telnet_banners.xml +238 -21
data/{xml → recog/xml}/tls_jarm.xml +56 -6
data/{xml → recog/xml}/x11_banners.xml +3 -3
data/{xml → recog/xml}/x509_issuers.xml +49 -1
data/{xml → recog/xml}/x509_subjects.xml +139 -38
data/recog.gemspec +9 -5
data/spec/data/external_example_fingerprint/hp_printer_ex_01.txt +1 -0
data/spec/data/external_example_fingerprint/hp_printer_ex_02.txt +1 -0
data/spec/data/external_example_fingerprint.xml +8 -0
data/spec/data/external_example_illegal_path_fingerprint.xml +7 -0
data/spec/lib/recog/db_spec.rb +84 -61
data/spec/lib/recog/fingerprint_spec.rb +4 -4
data/spec/lib/recog/verify_reporter_spec.rb +73 -4
data/spec/spec_helper.rb +4 -0
metadata +65 -134
data/.github/ISSUE_TEMPLATE/bug_report.md +0 -37
data/.github/ISSUE_TEMPLATE/feature_request.md +0 -17
data/.github/ISSUE_TEMPLATE/fingerprint_request.md +0 -27
data/.github/PULL_REQUEST_TEMPLATE +0 -24
data/.github/SECURITY.md +0 -35
data/.github/workflows/ci.yml +0 -26
data/.gitignore +0 -23
data/.rspec +0 -3
data/.ruby-gemset +0 -1
data/.ruby-version +0 -1
data/.snyk +0 -10
data/.travis.yml +0 -25
data/CONTRIBUTING.md +0 -270
data/bin/recog_cleanup +0 -16
data/bin/recog_export +0 -81
data/bin/recog_standardize +0 -148
data/bin/recog_verify +0 -64
data/cpe-remap.yaml +0 -343
data/features/data/failing_banners_fingerprints.xml +0 -20
data/features/data/matching_banners_fingerprints.xml +0 -23
data/features/data/multiple_banners_fingerprints.xml +0 -32
data/features/data/no_tests.xml +0 -3
data/features/data/sample_banner.txt +0 -2
data/features/data/successful_tests.xml +0 -18
data/features/data/tests_with_failures.xml +0 -20
data/features/data/tests_with_warnings.xml +0 -17
data/features/match.feature +0 -36
data/features/support/aruba.rb +0 -3
data/features/support/env.rb +0 -6
data/features/verify.feature +0 -48
data/identifiers/README.md +0 -70
data/identifiers/fields.txt +0 -104
data/identifiers/hw_device.txt +0 -78
data/identifiers/hw_family.txt +0 -113
data/identifiers/hw_product.txt +0 -410
data/identifiers/os_architecture.txt +0 -10
data/identifiers/os_device.txt +0 -75
data/identifiers/os_family.txt +0 -233
data/identifiers/os_product.txt +0 -340
data/identifiers/service_family.txt +0 -249
data/identifiers/service_product.txt +0 -752
data/identifiers/vendor.txt +0 -798
data/lib/recog/verifier_factory.rb +0 -13
data/misc/convert_mysql_err +0 -61
data/misc/order.xsl +0 -17
data/requirements.txt +0 -2
data/spec/lib/fingerprint_self_test_spec.rb +0 -174
data/update_cpes.py +0 -250

data/recog/xml/dhcp_vendor_class.xml ADDED Viewed

@@ -0,0 +1,206 @@
+<?xml version='1.0' encoding='UTF-8'?>
+<fingerprints matches="dhcp_vendor_class" protocol="dhcp" database_type="service">
+  <!--
+    Fingerprint definitions that are matched against the string values in the
+    dhcp message vi_vendor_class field
+    This field is Option 60 as defined in RFC 2132 section 9.13.
+    The vi_vendor_class field can be found in client discover (1), request (3)
+    and inform (8) messages.
+  -->
+  <fingerprint pattern="^Mfg=(?:Fuji)?(?i:Xerox);Typ=(?:MFP|printer);Mod=(?:Xerox )?(\S+) ([a-zA-Z0-9]+).*;Ser=([A-Z0-9]{9})(?:;Loc=.*)?$">
+    <description>Xerox Multifunction Printer</description>
+    <example hw.family="VersaLink" hw.model="C405" hw.serial_number="ABC123456">Mfg=Xerox;Typ=MFP;Mod=VersaLink C405;Ser=ABC123456;Loc=Print Room</example>
+    <example hw.family="AltaLink" hw.model="C8055" hw.serial_number="1AB234567">Mfg=Xerox;Typ=MFP;Mod=Xerox AltaLink C8055 Multifunction Printer;Ser=1AB234567;Loc=Print Room2</example>
+    <example hw.family="WorkCentre" hw.model="3345" hw.serial_number="1AB234567">Mfg=XEROX;Typ=MFP;Mod=WorkCentre 3345;Ser=1AB234567;Loc=</example>
+    <example hw.family="WorkCentre" hw.model="7845" hw.serial_number="AB1234567">Mfg=Xerox;Typ=MFP;Mod=Xerox WorkCentre 7845 v1 Multifunction System;Ser=AB1234567;Loc=</example>
+    <example hw.family="Phaser" hw.model="6500DN" hw.serial_number="ABC123456">Mfg=FujiXerox;Typ=printer;Mod=Phaser 6500DN;Ser=ABC123456</example>
+    <param pos="0" name="hw.device" value="Printer"/>
+    <param pos="0" name="hw.vendor" value="Xerox"/>
+    <param pos="1" name="hw.family"/>
+    <param pos="2" name="hw.model"/>
+    <param pos="3" name="hw.serial_number"/>
+    <param pos="0" name="hw.product" value="{hw.family} {hw.model}"/>
+    <param pos="0" name="os.vendor" value="Xerox"/>
+    <param pos="0" name="os.device" value="Printer"/>
+  </fingerprint>
+  <fingerprint pattern="^Mfg=Hewlett Packard;Typ=Printer;Mod=HP (LaserJet 200|LaserJet 400) (?:color |colorMFP |MFP )?(M\d+\S+);Ser=([A-Z0-9]{10});$">
+    <description>HP Multifunction Printer</description>
+    <example hw.family="LaserJet 200" hw.model="M276nw" hw.serial_number="ABC1DE2F3G">Mfg=Hewlett Packard;Typ=Printer;Mod=HP LaserJet 200 colorMFP M276nw;Ser=ABC1DE2F3G;</example>
+    <example hw.family="LaserJet 400" hw.model="M401dne" hw.serial_number="ABCDE12345">Mfg=Hewlett Packard;Typ=Printer;Mod=HP LaserJet 400 M401dne;Ser=ABCDE12345;</example>
+    <example hw.family="LaserJet 400" hw.model="M401dw" hw.serial_number="ABCDE12345">Mfg=Hewlett Packard;Typ=Printer;Mod=HP LaserJet 400 M401dw;Ser=ABCDE12345;</example>
+    <example hw.family="LaserJet 400" hw.model="M401n" hw.serial_number="ABCDE12345">Mfg=Hewlett Packard;Typ=Printer;Mod=HP LaserJet 400 M401n;Ser=ABCDE12345;</example>
+    <example hw.family="LaserJet 400" hw.model="M425dn" hw.serial_number="ABC1D23E4E">Mfg=Hewlett Packard;Typ=Printer;Mod=HP LaserJet 400 MFP M425dn;Ser=ABC1D23E4E;</example>
+    <param pos="0" name="hw.device" value="Printer"/>
+    <param pos="0" name="hw.vendor" value="HP"/>
+    <param pos="1" name="hw.family"/>
+    <param pos="2" name="hw.model"/>
+    <param pos="3" name="hw.serial_number"/>
+    <param pos="0" name="hw.product" value="{hw.family} {hw.model}"/>
+    <param pos="0" name="os.vendor" value="HP"/>
+    <param pos="0" name="os.device" value="Printer"/>
+  </fingerprint>
+  <fingerprint pattern="^(?:Hewlett-Packard|HP) (OfficeJet|LaserJet|Printer|JetDirect)$">
+    <description>HP Printer</description>
+    <example hw.family="LaserJet">Hewlett-Packard LaserJet</example>
+    <example hw.family="OfficeJet">Hewlett-Packard OfficeJet</example>
+    <example hw.family="LaserJet">HP LaserJet</example>
+    <example hw.family="Printer">HP Printer</example>
+    <example hw.family="JetDirect">Hewlett-Packard JetDirect</example>
+    <param pos="0" name="hw.device" value="Printer"/>
+    <param pos="0" name="hw.vendor" value="HP"/>
+    <param pos="1" name="hw.family"/>
+    <param pos="0" name="os.vendor" value="HP"/>
+    <param pos="0" name="os.device" value="Printer"/>
+  </fingerprint>
+  <fingerprint pattern="^Mfg=LEXMARK;Typ=(?:MFP|Printer);Mod=Lexmark (\S+);Ser=([A-Z0-9]{13});$">
+    <description>Lexmark Printer</description>
+    <example hw.model="MX410de" hw.serial_number="12345ABC6D7EF">Mfg=LEXMARK;Typ=MFP;Mod=Lexmark MX410de;Ser=12345ABC6D7EF;</example>
+    <example hw.model="MS310dn" hw.serial_number="123456AB7C8DE">Mfg=LEXMARK;Typ=Printer;Mod=Lexmark MS310dn;Ser=123456AB7C8DE;</example>
+    <param pos="0" name="hw.device" value="Printer"/>
+    <param pos="0" name="hw.vendor" value="Lexmark"/>
+    <param pos="1" name="hw.model"/>
+    <param pos="2" name="hw.serial_number"/>
+    <param pos="0" name="os.vendor" value="Lexmark"/>
+    <param pos="0" name="os.device" value="Printer"/>
+  </fingerprint>
+  <fingerprint pattern="^Canon iR-ADV (C?\d+ ?\S*)$">
+    <description>Canon imageRunner Printer</description>
+    <example hw.model="C5535 III">Canon iR-ADV C5535 III</example>
+    <example hw.model="C350">Canon iR-ADV C350</example>
+    <example hw.model="4545 III">Canon iR-ADV 4545 III</example>
+    <example hw.model="525">Canon iR-ADV 525</example>
+    <param pos="0" name="hw.device" value="Printer"/>
+    <param pos="0" name="hw.vendor" value="Canon"/>
+    <param pos="0" name="hw.family" value="imageRunner"/>
+    <param pos="1" name="hw.model"/>
+    <param pos="0" name="hw.product" value="{hw.family} {hw.model}"/>
+    <param pos="0" name="os.vendor" value="Canon"/>
+    <param pos="0" name="os.device" value="Printer"/>
+  </fingerprint>
+  <fingerprint pattern="^Canon (D\d+) Series$">
+    <description>Canon imageClass Printer</description>
+    <example hw.model="D1600">Canon D1600 Series</example>
+    <param pos="0" name="hw.device" value="Printer"/>
+    <param pos="0" name="hw.vendor" value="Canon"/>
+    <param pos="0" name="hw.family" value="imageClass"/>
+    <param pos="1" name="hw.model"/>
+    <param pos="0" name="hw.product" value="{hw.family} {hw.model}"/>
+    <param pos="0" name="os.vendor" value="Canon"/>
+    <param pos="0" name="os.device" value="Printer"/>
+  </fingerprint>
+  <fingerprint pattern="^Polycom-(VVX\d{3})$">
+    <description>Polycom IP Phone</description>
+    <example hw.product="VVX410" hw.model="VVX410">Polycom-VVX410</example>
+    <param pos="0" name="hw.device" value="VoIP"/>
+    <param pos="0" name="hw.vendor" value="Polycom"/>
+    <param pos="0" name="hw.family" value="VVX"/>
+    <param pos="1" name="hw.model"/>
+    <param pos="0" name="hw.product" value="{hw.model}"/>
+    <param pos="0" name="os.vendor" value="Polycom"/>
+  </fingerprint>
+  <fingerprint pattern="^Aruba\s(JL\d+A)\s(\d+[A-Z]?)\S+\sSwitch(?:\sdslforum.org)?$">
+    <description>HP Aruba Network Switch</description>
+    <example hw.model="JL075A" hw.product="3810M">Aruba JL075A 3810M-16SFP+-2-slot Switch</example>
+    <example hw.model="JL253A" hw.product="2930F">Aruba JL253A 2930F-24G-4SFP+ Switch dslforum.org</example>
+    <example hw.model="JL256A" hw.product="2930F">Aruba JL256A 2930F-48G-PoE+-4SFP+ Switch</example>
+    <example hw.model="JL258A" hw.product="2930F">Aruba JL258A 2930F-8G-PoE+-2SFP+ Switch</example>
+    <example hw.model="JL357A" hw.product="2540">Aruba JL357A 2540-48G-PoE+-4SFP+ Switch</example>
+    <param pos="0" name="os.vendor" value="Aruba Networks"/>
+    <param pos="0" name="hw.vendor" value="Aruba Networks"/>
+    <param pos="2" name="hw.product"/>
+    <param pos="1" name="hw.model"/>
+    <param pos="0" name="hw.device" value="Switch"/>
+  </fingerprint>
+  <fingerprint pattern="^AXIS,(?:PTZ Dome )?Network Camera,(.*),([\d\.]+)$">
+    <description>Axis Network Camera</description>
+    <example hw.model="P3343" os.version="5.20.3">AXIS,Network Camera,P3343,5.20.3</example>
+    <example hw.model="M5014" os.version="5.50.3.7">AXIS,PTZ Dome Network Camera,M5014,5.50.3.7</example>
+    <example hw.model="P3225-LV Mk II" os.version="9.70.1.5">AXIS,Network Camera,P3225-LV Mk II,9.70.1.5</example>
+    <param pos="0" name="hw.device" value="IP Camera"/>
+    <param pos="0" name="hw.vendor" value="AXIS"/>
+    <param pos="1" name="hw.model"/>
+    <param pos="0" name="os.vendor" value="AXIS"/>
+    <param pos="2" name="os.version"/>
+  </fingerprint>
+  <fingerprint pattern="^AXIS,(?:Network Video Encoder|Video Server),(\S+),([\d\.]+)$">
+    <description>Axis Video Encoder</description>
+    <example hw.model="M7011" os.version="5.90.1">AXIS,Network Video Encoder,M7011,5.90.1</example>
+    <param pos="0" name="hw.device" value="Video Encoder"/>
+    <param pos="0" name="hw.vendor" value="AXIS"/>
+    <param pos="1" name="hw.model"/>
+    <param pos="0" name="os.vendor" value="AXIS"/>
+    <param pos="2" name="os.version"/>
+  </fingerprint>
+  <fingerprint pattern="^AXIS,Network IO Audio Module,(\S+),([\d\.]+)$">
+    <description>Axis IO Audio Module</description>
+    <example hw.model="P8221" os.version="5.10.2">AXIS,Network IO Audio Module,P8221,5.10.2</example>
+    <param pos="0" name="hw.device" value="Audio Encoder"/>
+    <param pos="0" name="hw.vendor" value="AXIS"/>
+    <param pos="1" name="hw.model"/>
+    <param pos="0" name="os.vendor" value="AXIS"/>
+    <param pos="2" name="os.version"/>
+  </fingerprint>
+  <fingerprint pattern="^PCoIP Endpoint$">
+    <description>PCoIP Endpoint Device</description>
+    <example>PCoIP Endpoint</example>
+    <param pos="0" name="hw.device" value="Thin Client"/>
+    <param pos="0" name="hw.product" value="PCoIP Endpoint Device"/>
+    <param pos="0" name="os.vendor" value="Teradici"/>
+    <param pos="0" name="os.family" value="Teradici"/>
+  </fingerprint>
+  <fingerprint pattern="^android-dhcp-([\d\.]*)$">
+    <description>Android Device</description>
+    <example os.version="7.1.1">android-dhcp-7.1.1</example>
+    <param pos="0" name="os.vendor" value="Google"/>
+    <param pos="0" name="os.family" value="Linux"/>
+    <param pos="0" name="os.product" value="Android"/>
+    <param pos="1" name="os.version"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:google:android:{os.version}"/>
+  </fingerprint>
+  <fingerprint pattern="^dhcpcd-(?:[\d\.]+):Linux-([\d\.]+).*:(\S*):">
+    <description>Linux</description>
+    <example os.version="4.14.78" os.arch="armv7l">dhcpcd-6.11.5:Linux-4.14.78:armv7l:Freescale</example>
+    <example os.version="4.19.155" os.arch="x86_64">dhcpcd-6.8.2:Linux-4.19.155-10581-g8bdb5ed8e80c:x86_64:GenuineIntel</example>
+    <param pos="0" name="os.family" value="Linux"/>
+    <param pos="0" name="os.product" value="Linux"/>
+    <param pos="1" name="os.version"/>
+    <param pos="2" name="os.arch"/>
+  </fingerprint>
+  <fingerprint pattern="^SAMSUNG Network Printer$">
+    <description>Samsung Network Printer</description>
+    <example>SAMSUNG Network Printer</example>
+    <param pos="0" name="hw.device" value="Printer"/>
+    <param pos="0" name="hw.vendor" value="Samsung"/>
+    <param pos="0" name="os.vendor" value="Samsung"/>
+  </fingerprint>
+  <fingerprint pattern="^MERAKI$">
+    <description>MERAKI Device</description>
+    <example>MERAKI</example>
+    <param pos="0" name="hw.vendor" value="Meraki"/>
+    <param pos="0" name="os.vendor" value="Meraki"/>
+  </fingerprint>
+  <fingerprint pattern="^MSFT 5.0$">
+    <description>Microsoft Windows Device</description>
+    <example>MSFT 5.0</example>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.family" value="Windows"/>
+  </fingerprint>
+</fingerprints>

data/{xml → recog/xml}/dns_versionbind.xml RENAMED Viewed

@@ -68,8 +68,8 @@
     <example service.version="9.3.6-P1" os.version="5" os.version.version="11">9.3.6-P1-RedHat-9.3.6-25.P1.el5_11.12</example>
     <example service.version="9.9.1-P3" os.version="6">9.9.1-P3-RedHat-9.9.1.P3.el6</example>
     <example service.version="9.9.3-rpz2+rl.13208.13-P2" os.version="6">9.9.3-rpz2+rl.13208.13-P2-RedHat-9.9.3-4.P2.el6</example>
-    <example os.version="6" os.version.version="1">9.7.3-P3-RedHat-9.7.3-2.el6_1.P3.3</example>
-    <example os.version="6" os.version.version="">9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6</example>
+    <example os.version="6" os.version.version="1" service.version="9.7.3-P3">9.7.3-P3-RedHat-9.7.3-2.el6_1.P3.3</example>
+    <example os.version="6" os.version.version="" service.version="9.8.2rc1">9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6</example>
     <param pos="0" name="service.vendor" value="ISC"/>
     <param pos="0" name="service.family" value="BIND"/>
     <param pos="0" name="service.product" value="BIND"/>
@@ -85,21 +85,21 @@
   <fingerprint pattern="^(9.[^-]+(?:-rl[.\d]+)?(?:-[SP]\d)?)-RedHat-[\d.]+-[\w.]+fc([\d]+)$">
     <description>ISC BIND: Fedora</description>
-    <example service.version="9.10.4-P8">9.10.4-P8-RedHat-9.10.4-4.P8.fc25</example>
+    <example service.version="9.10.4-P8" os.version="25">9.10.4-P8-RedHat-9.10.4-4.P8.fc25</example>
     <!-- The '-rl' in the example below indicates a rate limiting patch -->
-    <example service.version="9.9.3-rl.13207.22-P2">9.9.3-rl.13207.22-P2-RedHat-9.9.3-5.P2.fc19</example>
-    <example os.version="10">9.5.2-RedHat-9.5.2-1.fc10</example>
+    <example service.version="9.9.3-rl.13207.22-P2" os.version="19">9.9.3-rl.13207.22-P2-RedHat-9.9.3-5.P2.fc19</example>
+    <example os.version="10" service.version="9.5.2">9.5.2-RedHat-9.5.2-1.fc10</example>
     <param pos="0" name="service.vendor" value="ISC"/>
     <param pos="0" name="service.family" value="BIND"/>
     <param pos="0" name="service.product" value="BIND"/>
     <param pos="1" name="service.version"/>
     <param pos="0" name="service.cpe23" value="cpe:/a:isc:bind:{service.version}"/>
-    <param pos="0" name="os.vendor" value="Red Hat"/>
+    <param pos="0" name="os.vendor" value="Fedora Project"/>
     <param pos="0" name="os.family" value="Linux"/>
-    <param pos="0" name="os.product" value="Fedora Core Linux"/>
+    <param pos="0" name="os.product" value="Fedora Core"/>
     <param pos="2" name="os.version"/>
-    <param pos="0" name="os.cpe23" value="cpe:/o:redhat:fedora_core:{os.version}"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:fedoraproject:fedora_core:{os.version}"/>
   </fingerprint>
   <fingerprint pattern="^(9.[^-]+(?:-[SP]\d)?)-RedHat-[\w.-]+amzn1$">
@@ -719,8 +719,11 @@
   -->
   <fingerprint pattern="^Microsoft DNS 6.0.6100 \(2AEF76E\)$">
-    <description>SPOOFED - Microsoft DNS on Windows 2008 SP something</description>
+    <description>SPOOFED - Microsoft DNS on Windows 2008 SP something -- assert nothing.</description>
     <example>Microsoft DNS 6.0.6100 (2AEF76E)</example>
+    <param pos="0" name="hw.certainty" value="0.0"/>
+    <param pos="0" name="os.certainty" value="0.0"/>
+    <param pos="0" name="service.certainty" value="0.0"/>
   </fingerprint>
   <fingerprint pattern="^Microsoft DNS 6.0.6003(?: \(([^)]+)\))?$">
@@ -843,8 +846,8 @@
   <fingerprint pattern="^ALU DNS ([\d\.]+) Build (\d+)$">
     <description>ALU (Alcatel Lucent?) DNS</description>
-    <example service.version="6.2">ALU DNS 6.2 Build 22</example>
-    <example service.version.version="9">ALU DNS 6.2 Build 9</example>
+    <example service.version="6.2" service.version.version="22">ALU DNS 6.2 Build 22</example>
+    <example service.version.version="9" service.version="6.2">ALU DNS 6.2 Build 9</example>
     <param pos="0" name="service.vendor" value="ALU"/>
     <param pos="0" name="service.family" value="DNS"/>
     <param pos="0" name="service.product" value="DNS"/>
@@ -910,8 +913,8 @@
   <fingerprint pattern="^Meta IP[\s\/]DNS (?:V[\d\.]+ )?- BIND V([\d\.]+(?:-REL)?) \(Build (\d+)\s?\)$">
     <description>Check Point Meta IP</description>
-    <example service.version="8.2.7-REL">Meta IP DNS - BIND V8.2.7-REL (Build 31)</example>
-    <example service.version.version="4704">Meta IP/DNS V4.1 - BIND V8.1.2 (Build 4704 )</example>
+    <example service.version="8.2.7-REL" service.version.version="31">Meta IP DNS - BIND V8.2.7-REL (Build 31)</example>
+    <example service.version.version="4704" service.version="8.1.2">Meta IP/DNS V4.1 - BIND V8.1.2 (Build 4704 )</example>
     <param pos="0" name="service.vendor" value="Check Point"/>
     <param pos="0" name="service.family" value="META IP"/>
     <param pos="0" name="service.product" value="DNS"/>