Nmap Development mailing list archives
Re: [RFC] Detect certain Citrix application browsing services
From: Fyodor <fyodor () insecure org>
Date: Mon, 16 Nov 2009 02:07:34 -0800
On Sun, Nov 15, 2009 at 08:13:55PM -0700, David Fifield wrote:
On Fri, Nov 13, 2009 at 04:54:35PM -0600, Thomas Buchanan wrote:I'm looking for feedback on a couple of aspects of the patches. First, how should one determine the frequency values when adding entries to nmap-services? I used a value from the next closest port, but that seems pretty arbitrary.We have a record for port 1604/udp in the master nmap-services-all file, but because it has a frequency of 0 it is left out of the smaller nmap-services file. unknown 1604/udp 0/3027
If we have reason to believe the port is interesting, I think it is OK to just bump this up to 1/3027 and that should get it added to nmap-services. Eventually we will get better UDP data (ours is pretty limited for ports like this which were unnamed), but for now a little manual adjustment or two is fine. That can be useful not just for missed services, but for new ones which have become popular since the most recent port frequency survey.
I tried this, and it results in 302 additional lines in nmap-services, bringing the total number of lines to 20,192. Although the number of added lines is small, most of them are just where a TCP port shares the same name as a UDP port, even when a service commonly runs on only one or the other. Fyodor, what do you think about adding these named ports to the distributed nmap-services, even if their frequency is below the inclusion threshold?
I'm not opposed to that, but my initial thought is that a manual adjustment to that one service frequency may be better than a more general approach which brings along an extra 300 ports which might not actually be useful. The longer term strategy is to do a bigger survey and collect more UDP data. But the -p- UDP scans are very slow and consume a whole lot of memory. Cheers, -F _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [RFC] Detect certain Citrix application browsing services Thomas Buchanan (Nov 13)
- Re: [RFC] Detect certain Citrix application browsing services David Fifield (Nov 15)
- Re: [RFC] Detect certain Citrix application browsing services Fyodor (Nov 16)
- Re: [RFC] Detect certain Citrix application browsing services David Fifield (Nov 24)
- Re: [RFC] Detect certain Citrix application browsing services Thomas Buchanan (Nov 16)
- Re: [RFC] Detect certain Citrix application browsing services David Fifield (Nov 16)
- Re: [RFC] Detect certain Citrix application browsing services Thomas Buchanan (Nov 16)
- Re: [RFC] Detect certain Citrix application browsing services Thomas Buchanan (Nov 23)
- Re: [RFC] Detect certain Citrix application browsing services David Fifield (Nov 24)
- Re: [RFC] Detect certain Citrix application browsing services Thomas Buchanan (Nov 25)
- Re: [RFC] Detect certain Citrix application browsing services David Fifield (Nov 25)
- Re: [RFC] Detect certain Citrix application browsing services Fyodor (Nov 16)
- Re: [RFC] Detect certain Citrix application browsing services David Fifield (Nov 15)