Nmap Development mailing list archives
Re: SIP version detection script
From: Fyodor <fyodor () insecure org>
Date: Tue, 24 Nov 2009 14:58:39 -0800
On Tue, Nov 24, 2009 at 09:01:36AM +0100, Patrik Karlsson wrote:
> I have an updated script that does that and works against 5060/tcp and 5061/tcp (SIP TLS). However, as I posted earlier I realized that there is a static probe in nmap-service-probes that already works against 5060/tcp. So I'm guessing that same probe could be sent to 5060/udp as well and make my script redundant?
Hi Patrik. Thanks for sending your SIP script, and you make a good point here about the existing static probe. In general, it is best to handle version detection using that subsystem (e.g. nmap-service-probes) rather than NSE. Nmap-service-probes is less powerful and flexible, but more efficient to execute and maintain. But it can only handle 1 static probe and a regex-parseable response. I see that your script uses a more dynamic probe containing the source IP address, etc. Maybe you can experiment with 5060/udp and see if you can get the same version information with just a version detection probe and match line(s) in nmap-service-probes? Like we do for TCP. That would be the ideal case. If that cannot be done, your new SIP script is a great fallback option.

Cheers,
-F
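The static-probe approach discussed in the message above, as an added example that is not part of the original post and is not Nmap's own code: a fixed SIP OPTIONS request plus regular expressions that pull the status code and Server/User-Agent banner out of a reply. The probe bytes, the function name and the sample replies are constructed for illustration.

```python
import re

# Static probe: every byte is fixed in advance, which is what a single
# probe-plus-regex entry allows. Host, branch, tag and Call-ID are constructed
# placeholders; nothing here depends on the scanner's own address.
STATIC_OPTIONS_PROBE = (
    b"OPTIONS sip:probe@example.invalid SIP/2.0\r\n"
    b"Via: SIP/2.0/UDP example.invalid;branch=z9hG4bK-static\r\n"
    b"From: <sip:probe@example.invalid>;tag=static\r\n"
    b"To: <sip:probe@example.invalid>\r\n"
    b"Call-ID: 1@example.invalid\r\n"
    b"CSeq: 1 OPTIONS\r\n"
    b"Max-Forwards: 70\r\n"
    b"Content-Length: 0\r\n\r\n"
)

# Anchored status line, then a banner header anywhere in the header block.
# SIP header names are case-insensitive, hence re.I.
STATUS_RE = re.compile(rb"^SIP/2\.0 (\d{3}) ")
BANNER_RE = re.compile(rb"^(?:Server|User-Agent):[ \t]*([^\r\n]+)", re.I | re.M)


def match_sip_response(data: bytes):
    """Return (status_code, banner_or_None), or None if data is not a SIP reply."""
    status = STATUS_RE.match(data)
    if not status:
        return None
    # Only the header block is searched, so a body line that merely looks
    # like a Server header cannot be mistaken for the banner.
    headers = data.split(b"\r\n\r\n", 1)[0]
    banner = BANNER_RE.search(headers)
    text = banner.group(1).decode("latin-1").strip() if banner else None
    return int(status.group(1)), text


# Constructed sample replies (not captured from real devices).
REPLY_SERVER = (b"SIP/2.0 200 OK\r\nVia: SIP/2.0/UDP example.invalid\r\n"
                b"Server: ExamplePBX 1.2.3\r\nContent-Length: 0\r\n\r\n")
REPLY_UA = b"SIP/2.0 404 Not Found\r\nuser-agent:  ExamplePhone/4.5 \r\n\r\n"
REPLY_BODY_ONLY = b"SIP/2.0 200 OK\r\nContent-Length: 15\r\n\r\nServer: decoy\r\n"
NOT_SIP = b"HTTP/1.1 200 OK\r\nServer: httpd\r\n\r\n"

if __name__ == "__main__":
    for reply in (REPLY_SERVER, REPLY_UA, REPLY_BODY_ONLY, NOT_SIP):
        print(match_sip_response(reply))
```

A device that only answers when the Via or Contact header carries the sender's real address would return nothing useful to this fixed request, which is the case where a scripted, dynamic probe remains the fallback.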