Nmap Development mailing list archives

Re: [NSE] New UPnP information gathering script


From: Fyodor <fyodor () insecure org>
Date: Thu, 10 Jan 2008 14:23:14 -0800

On Wed, Jan 09, 2008 at 03:05:15PM -0600, Thomas Buchanan wrote:

> Here is a script that attempts to gather information from the UPnP
> service (UDP port 1900).  This service is commonly found on network
> devices such as routers, printers, networked media players, or other
> self-configuring devices.  It can sometimes provide a fair amount of
> information about the device being scanned.

Thanks, this looks good and I have checked it in to SVN.  Thanks,
also, to Eddie for testing it out and reporting results.

Also, it would be great if someone could use this to create a version
detection probe and signatures for UPnP.  I notice that all of our
current upnp signatures are for TCP probes.

Also, I wonder if it makes sense for us to require that port 1900 be
scanned in order to run this script?  Since UDP ports are not scanned
by default, maybe we should target common discovery probes such as
snmp and upnp even when the port is not scanned.  Unfortunately, I
don't know if there is a good way to do this currently with NSE.  One
option would be to make UPnP and SNMP info scripts host-based rather
than port-based.  It is at least something to think about.

Cheers,
-F

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
