Re: STOMP Probe

[Lionel Cons <lionel.cons () cern ch>]

doug () hcsw org writes:
> > I would disagree with this. IMHO, it should be linked to the probability
> > of finding the service during a scan. Popular services should be scanned
> > by default, regardless of the fact that they may need a dedicated probe.
>
> That's an excellent point. Do you feel this probe is common
> enough for inclusion in the default scan?

No, I don't think that STOMP is common enough (yet).

> Determining which services are the most common is a problem we
> have been thinking about for a while. If you (or anyone) has any
> ideas on measuring or estimating this, I think it would be a
> great discussion topic.

IMHO, we could ivent a way to collect Nmap statistics. For instance:
 (1) we scan our machines with Nmap (set of options to be defined)
 (2) we pass the results through some script that would output
     sanitised statistics (to be defined) such as this service has
     been found on this port or this probe found something in n% of
     the cases
 (3) we submit these stats to some web service, like it is done today
     for the fingerprint submission

The results would not be very scientific but would maybe help to
improve the probes and service detection.

Cheers,

Lionel

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org