Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [NSE] http.request() ignores port.protocol and assumes "tcp" even when it's really "udp"

From: bensonk () acm wwu edu
Date: Mon, 10 Nov 2008 10:05:09 -0800
Just a thought -- I know TCP and UDP are pretty much the only protocols
that matter, but what if nmap were extended to allow more than TCP and
UDP at some point?  Wouldn't it make more sense to say "if port.protocol
!= 'tcp'" instead?  

Benson

On Mon, Nov 10, 2008 at 03:07:34PM +0000, jah wrote:

Hi all,

I got a result where html-title ran against UDP port 80 and returned
with an html title which it obtained by talking TCP.  This occurs
because http.request() defines protocol = "tcp" but doesn't check that
port.protocol is actually tcp.

Easily fixed by returning nil from http.request() if port.protocol ==
"udp" and perhaps printing a debug info.
html-title might also be modified to avoid running for udp ports.

Do you think this is sufficient?

Regards,

jah

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

Attachment: _bin
Description: 


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
Previous By Date Next
Previous By Thread Next

Current thread: