Nmap Development mailing list archives

Re: Skype detection


From: doug () hcsw org
Date: Fri, 23 Oct 2009 00:20:59 +0000

Hi Jon,

It's because Skype turns out to be pretty hard to match well without causing
false positives on unrelated services. We have tried out skype match lines in the
past, but found some fairly common services that were incorrectly identified as
skype. Skype also seems to be pretty random about choosing its ports.

So we had 2 options:

1) Enhance version detection to take into account multiple probe/responses
   when determining skype.

2) Use (NSE) Nmap Scripting Engine instead.

We went with 2. See Brandon's skypev2-version.nse script.

I think the first would have been a fairly non-intrusive change that might have
been useful for other match lines as well, but using NSE is also a reliable
way to match the skype service. If you use -sC you should see skype as a service.

Doug


On Thu, Oct 22, 2009 at 08:09:13PM -0400 or thereabouts, Jon Kibler wrote:

Hi,

I notice that when I run a version detection scan against a known Skype port, I
get neither a version detected nor a signature to submit. Why?

TIA!

Jon Kibler
--
Jon R. Kibler
Chief Technical Officer
Advanced Systems Engineering Technology, Inc.
Charleston, SC  USA
o: 843-849-8214
c: 843-813-2924
s: 843-564-4224
s: JonRKibler
e: Jon.Kibler () aset com
e: Jon.R.Kibler () gmail com
http://www.linkedin.com/in/jonrkibler

My PGP Fingerprint is:
BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253



_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
