Nmap Development mailing list archives
Re: [NSE] http.request() ignores port.protocol and assumes "tcp" even when it's really "udp"
From: bensonk () acm wwu edu
Date: Mon, 10 Nov 2008 10:05:09 -0800
Just a thought -- I know TCP and UDP are pretty much the only protocols that matter, but what if nmap were extended to allow more than TCP and UDP at some point? Wouldn't it make more sense to say "if port.protocol != 'tcp'" instead? Benson On Mon, Nov 10, 2008 at 03:07:34PM +0000, jah wrote:
Hi all, I got a result where html-title ran against UDP port 80 and returned with an html title which it obtained by talking TCP. This occurs because http.request() defines protocol = "tcp" but doesn't check that port.protocol is actually tcp. Easily fixed by returning nil from http.request() if port.protocol == "udp" and perhaps printing a debug info. html-title might also be modified to avoid running for udp ports. Do you think this is sufficient? Regards, jah _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Attachment:
_bin
Description:
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- [NSE] http.request() ignores port.protocol and assumes "tcp" even when it's really "udp" jah (Nov 10)
- Re: [NSE] http.request() ignores port.protocol and assumes "tcp" even when it's really "udp" David Fifield (Nov 10)
- Re: [NSE] http.request() ignores port.protocol and assumes "tcp" even when it's really "udp" bensonk (Nov 10)