Re: [RFC] NSE Re-categorization

[Kris Katterjohn <katterjohn () gmail com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Fyodor wrote:
> On Fri, Jun 13, 2008 at 01:07:10AM +0100, jah wrote:
> > On 12/06/2008 23:07, Kris Katterjohn wrote:
> >
> > So I think that either intrusive should include scripts that are
> > intended to crash services (all in the name of securing ones own
> > network, of course) or perhaps there should be a category for "exploits"
> > to include scripts that actively exploit vulnerabilities and could crash
> > a service or cause an sysadmin alarm - even if the intention is merely
> > to detect a vulnerability.
>
> Good point.  We don't have any scripts intended to crash services now.
> But if we ever were to add such a script, I'd argue for some sort of
> "dos" category.  A script which performas a SYN scan or tries to crash
> a certain service goes beyond what I would normally think of even as
> "intrusive", IMHO.
>
> Exploits is another interesting category.  If we had actual exploits
> like you find in Metasploit, they might fit well in such a category.
> Our brute force authentication scripts sort of fit the bill, but it
> sounds like we'll probably have a more specific category for them.
>
> So I think both of these are good potential categories, but I don't
> think we should add any categories unless we have at least one script
> included which will use them.  And I don't know of any DoS or exploit
> scripts right now.

Agreed.  And of course if we create categories like these, they will go along
with Safe and Intrusive wrt the "all-encompassing" factor.

> Cheers,
> -F

Thanks,
Kris Katterjohn


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQIVAwUBSFILev9K37xXYl36AQIK8Q//a2+9/SdkuD6ETPxvUemqQCLV2N0C6iVc
/hA01eGFmr6GmH1lg73lquAm1YDTFLywdAMBYDrlsmhGA/dQvx9MWo/sJL/pmL5d
UKXyYC22WV2Chzs7r+IFjpZqgFJhQ4Hm8V9POJj7BJjOZDXFLY6X0WHYCKbsBaXG
t7apvVDD5tVYATotuu7oGNCVizO/nCaJlo6IgIwtNijwOFgl1RxLVf9/Zzut8w4K
2TNh2vNF0qCTRkihsuj6nYernnTHItz5dO8WVM1oxcIWnt3ecIiIo0tAoxDP58Y5
Xh3NSOnx7cdHqiBKiYFfE99tOCAPCpzQ8KwTcQ1SM38/su4Cv9B4z7hIr6AwY9RU
bSO4V6akVyMUedkbGuISM55shFmI+EH4ysgPrgzOIM+QzfiVTE7ubulKW1JYrO4M
HYfBTXqBvRgU0zlpesqIrIoehh9Xl21e7oQH5Tjlz7M6DOz8IoKCtHSGiszQhmOD
hx9cCwOUYtuNC4+p2r6RBRsvbnViQCrm/NEchtVNwfECMQO4CKtQvX3MB8Shs0pC
f190wnY8KYvLWJtGqBgSU1WPxq0wm62y00x3MRd1l7TfNv9yJ417Jd4MPJwpkshP
ocFRGUVmIbrvFiLA7C2Grt/ob99oaTzrE3P5107yirsRpUUNTKFOziwSoou1CLT3
wnq6jFNoaOU=
=9yOQ
-----END PGP SIGNATURE-----

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org