Nmap Development mailing list archives
Re: Skype detection
From: doug () hcsw org
Date: Fri, 23 Oct 2009 00:20:59 +0000
Hi Jon, It's because skype turns out to be pretty hard to match well without causing false positives on unrelated services. We have tried out skype match lines in the past, but found some fairly common services that were incorrectly identified as skype. Skype also seems to be pretty random about choosing its ports. So we had 2 options: 1) Enhance version detection to take into account multiple probe/responses when determining skype. 2) Use (NSE) Nmap Scripting Engine instead. We went with 2. See Brandon's skypev2-version.nse script. I think the first would have been a fairly non-intrusive change that might have been useful for other match lines as well, but using NSE is also a reliable way to match the skype service. If you use -sC you should see skype as a service. Doug On Thu, Oct 22, 2009 at 08:09:13PM -0400 or thereabouts, Jon Kibler wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, I notice that when I run a version detection scan against a know Skype port, I get neither a version detected nor a signature to submit. Why? TIA! Jon Kibler - -- Jon R. Kibler Chief Technical Officer Advanced Systems Engineering Technology, Inc. Charleston, SC USA o: 843-849-8214 c: 843-813-2924 s: 843-564-4224 s: JonRKibler e: Jon.Kibler () aset com e: Jon.R.Kibler () gmail com http://www.linkedin.com/in/jonrkibler My PGP Fingerprint is: BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkrg9CkACgkQUVxQRc85QlMRZQCeOpNlMP7SfEfGMeAcgzg+OmtY z/IAmwR5tvX6Olm4OGJFqIupEww5mrvz =pMTO -----END PGP SIGNATURE----- ================================================== Filtered by: TRUSTEM.COM's Email Filtering Service http://www.trustem.com/ No Spam. No Viruses. Just Good Clean Email.
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Attachment:
_bin
Description:
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Skype detection Jon Kibler (Oct 22)
- Re: Skype detection doug (Oct 22)