Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Possible new device categories for service detection

From: David Fifield <david () bamsoftware com>
Date: Fri, 20 Feb 2009 15:42:20 -0700
On Sun, Feb 08, 2009 at 11:47:23PM +0000, doug () hcsw org wrote:

OK here are the definitions I've been using for the device types
in the service probe file. Note that these don't include device
types found only in the OS DB. Maybe David can fill in those
ones (if there are any aside from "broadband modem").


I found these that are in nmap-os-db but not in nmap-service-probes:

encryption accelerator (6)
proxy server (13)
VoIP gateway (18)
web server (2)

I documented them in docs/device-types.txt:

encryption accelerator (6)
A VPN gateway.
Example: Cisco VPN 3030 Concentrator VPN platform
*** Maybe merge with another category or change to "VPN gateway" as that's what all examples currently are.

proxy server (13)
Any kind of proxy server, including web proxies and other devices that, for example, cache data or understand other 
high-level protocols.

VoIP gateway (18)
A device that converts between VoIP protocols and normal telephone traffic. Also may convert different VoIP protocols.
Example: Avaya Office IP403 VoIP gateway

web server (2)
An appliance that serves primarily HTTP, not a general-purpose OS running a web server.
*** Suggest removal; current devices' classification is tenuous.

The devices that are in nmap-service-probes but not nmap-os-db are

cluster (3)
hub (1)
projector (3)
X-ray machine (2)

I'll start reviewing the file and making changes. I think the way to go
is to set up device-types.txt to represent the way we want the
classifications to be, then fix up the databases to match.

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
Previous By Date Next
Previous By Thread Next

Current thread: