Re: m|| versus m||s in nmap-service-probes

[doug () hcsw org]

Hi Lionel!

On Mon, Dec 10, 2007 at 11:19:31AM +0100 or thereabouts, Lionel Cons wrote:
> Most (all?) of these patterns dealing with binary data should IMHO use
> m||s instead of m||.
>
> I append below a list of patterns that seem to match binary data but I
> think that all patterns should be reviewed manually to check whether
> the "s" option is used correctly or not.

Thanks for doing this! I went through your list of match lines and
added the s modifier to most of them and committed the new version
to SVN.

Especially for cases like X11, I consider not having the s modifier
on these lines to be a bug. I have had to go back and add them
before in the past! Your perl script was a great idea and I
think will result in more accurate version scans against many
binary services including X11 and postgres.

Thanks again for all your suggestions!

Doug

PS. This change does touch a lot of match lines, however, and
although I don't expect any problems, any testing of the new
probes file is of course appreciated.

PPS. I didn't add s modifiers to any of the telnet probes
because I didn't think it was necessary. Although telnetds
often do spit out lots of binary crap, I still usually think
of them as ASCII, line based protocols.

Attachment: signature.asc
Description: Digital signature

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org