Re: smbv2-dos.nse

[Ron <ron () skullsecurity net>]

On 09/12/2009 11:14 AM, Kris Katterjohn wrote:
> I think it should be, since it's called "all".  Just because so far "all"
> hasn't contained stuff like dos and exploit scripts doesn't mean it shouldn't
> live up to its name now.
>
> Correct me if I'm wrong, but couldn't you do "all and not dos" or something
> similiar for this effect?
>
> If the concern is for users accidently running evil dos and exploit scripts
> when they specify "all", then I'm not sure what to say.  If they're going to
> blindly run "all" scripts without knowing what they do, then they're just in
> for trouble anyway.
>
> We shouldn't butcher a category like "all", when its name describes it
> perfectly in 3 letters.  All is all.
>
> However if you're concerned with the fact that "all" isn't "relatively safe"
> anymore, so you can't type just 3 letters, I think the boolean rule above will
> suffice (or we could theoretically create yet another category to work around
> this, but I don't like that very much).
>
> Sorry if I've sounded stern; I've just wanted to get all of this out
> beforehand in case this discussion takes off :)

Hey Kris

I totally see what you mean, and I do agree.

That being said, I do worry about people accidentally crashing stuff 
using my script. I know the first thing I did was run --script=all 
against a test server when I discovered that scripting exists, and 
that's fine (crashing test servers is fun :) ). But not everybody is 
that smart.

When it comes down to it, I can go either way on the issue.

Ron

--
Ron Bowes
http://www.skullsecurity.org/

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org