Nmap Development mailing list archives
Re: HP-PJL softmatch line
From: Fyodor <fyodor () insecure org>
Date: Wed, 9 Jun 2010 16:20:10 -0700
On Sat, Jun 05, 2010 at 01:12:43PM -0500, Tom Sellers wrote:
I would like some feedback on the following HP-PJL softmatch line:

# We don't want to send a bunch more probes that will be printed
softmatch hp-pjl m|^| i/hp-pjl probe got something back/

In my scanning scenario, scanning all ports and using --version-all, it is generating numerous hits and changing the service field to hp-pjl. There are many cases, for example ports 21 and 80, where that changes what scripts trigger against a port.

Hi Tom. That line (along with the HP-PJL probe it corresponds to) was added last August (r15334). The commit comment says the probe "is inactive at the moment because its ports 9100-9107 are in the default Exclude list. (In fact, they are the default exclude list.) Users will have to comment out the Exclude line to test these."

But it may have been forgotten that the probe will still be tried for non-blocked ports after all the "probable ports" are tried and failed, if you use --version-all. That option is needed because the rarity value for this probe is 9.

This softmatch is clearly problematic, as your tests show. And nobody has defended this signature in the last 4 days, so I'll comment it out. I suppose it might be useful for someone to enable in cases where they are intentionally testing hp-pjl ports.

Anyway, thanks for the report! Sometimes people ignore small/obscure issues like this, but it is better to get them fixed.

Cheers,
-F
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
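
An added example, not part of the original message and not Nmap's own code: a small lint that parses `match`/`softmatch` lines in the nmap-service-probes syntax and flags any pattern that matches empty input or every unrelated banner, which is what the `m|^|` line quoted above does. The FTP and HTTP signatures, the banners and the function names are constructed for illustration.

```python
import re

# Constructed input: the softmatch line quoted in the thread, plus two
# illustrative signatures that are NOT taken from nmap-service-probes.
PROBES = r"""
softmatch hp-pjl m|^| i/hp-pjl probe got something back/
softmatch ftp m|^220[ -].*ftp|i
match http m|^HTTP/1\.[01] \d\d\d |
"""

# Constructed banners standing in for what unrelated services send back.
BANNERS = {
    "ftp": b"220 example FTP server ready\r\n",
    "http": b"HTTP/1.1 400 Bad Request\r\n\r\n",
    "ssh": b"SSH-2.0-ExampleSSH_1.0\r\n",
}

HEAD = re.compile(r"^(match|softmatch)\s+(\S+)\s+m(.)")


def parse_signature(line):
    """Return (directive, service, compiled regex), or None for other lines."""
    head = HEAD.match(line)
    if head is None:
        return None
    directive, service, delim = head.groups()
    end = line.find(delim, head.end())
    if end < 0:
        raise ValueError("unterminated pattern: " + line)
    pattern = line[head.end():end]
    # Option letters directly follow the closing delimiter: i = caseless, s = dotall.
    opts = re.match(r"[is]*", line[end + 1:]).group()
    flags = (re.I if "i" in opts else 0) | (re.S if "s" in opts else 0)
    return directive, service, re.compile(pattern.encode("latin-1"), flags)


def overbroad(probes_text, banners):
    """List signatures that match empty input or every sample banner."""
    findings = []
    for line in probes_text.splitlines():
        sig = parse_signature(line)
        if sig is None:
            continue
        directive, service, rx = sig
        hits = sorted(name for name, data in banners.items() if rx.search(data))
        if rx.search(b"") or len(hits) == len(banners):
            findings.append((directive, service, hits))
    return findings


if __name__ == "__main__":
    for directive, service, hits in overbroad(PROBES, BANNERS):
        print(f"{directive} {service}: matches {', '.join(hits)}")
```

Only the hp-pjl line is reported: its pattern anchors at the start of the response and requires nothing after it, so any reply to the probe relabels the port.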