Nmap Development mailing list archives

Re: [BUG] Exclusions directive not honored by NSE version detection


From: Kris Katterjohn <katterjohn () gmail com>
Date: Thu, 17 Jun 2010 13:39:17 -0500


On Thu, 17 Jun 2010 19:21:50 +0100
Djalal Harouni <tixxdz () gmail com> wrote:

On 2010-04-30 17:16:59 -0500, Tom Sellers wrote:
I have recently come across a bug involving port exclusions when performing version detection. I plan to work on finding a fix for the issue this weekend, but I thought I would go ahead and send the info to the list now in the event that my work was delayed or someone had an idea of exactly where the issue lay.

Recent scanning shows that the Exclude directive in the nmap-service-probes file is being ignored by NSE version detection if more than one port is scanned on a host. The nmap built-in version detection skips the port, but NSE runs version detection scripts against the port anyway.

Hi Tom,

Attached is a patch against the latest nmap svn revision.

This patch introduces a new function port_is_excluded() in
shortport.lua. I've modified all the portrules of version category
scripts, so this needs testing before merging the patch.

Reasons for modifying portrules:
* I didn't want to modify the behaviour of portnumber() and service()
functions from the shortport.lua library.

* We must be sure that the excludedports list is initialized with the
correct data before executing/evaluating the portrule functions.


I have a couple of thoughts after briefly looking at the patch.

In some scripts you add a new shortport require just for the exclusion
test in the portrule, but since a portrule only covers one port
couldn't you just as well use the nmap.port_is_excluded?  Admittedly
this isn't a huge deal since shortport has pretty much always been
around, but I'm curious if there is some other reason for this (since
it looks like the shortport one is just a simple wrapper with support
for multiple ports in a table).  Perhaps I've missed something in my
brevity?

And while I agree that modifying the existing shortport functions like
portnumber() is not the way to go, I think creating a new function or
option (or whatever) for exclusion support is a good thing if it's not
really ugly or hacky.  Perhaps you've thought about this and come up
with no good solution?  I haven't given thought to how to go about it
yet, but I think having this would be good for version scripts for all
of the reasons shortport exists already for everything else.

Cheers,
Kris Katterjohn

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
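The exchange above is about where a version script's portrule should check the Exclude directive: directly through the NSE binding nmap.port_is_excluded, or through a shortport wrapper that also accepts a table of ports. The following Lua is an added illustration written for this archive page; it is not the patch discussed in the thread and not Nmap's own code. It assumes only that nmap.port_is_excluded(portno, proto) is the NSE function named in the reply; the parse_exclude helper, the stand-in nmap table it fills, the shortport.port_is_excluded wrapper, the version_portrule function and the sample ports are all constructed here so the file runs with a plain Lua interpreter outside Nmap.

```lua
-- Added example for the nmap-dev thread on Exclude handling in NSE portrules.
-- Not the patch from the thread and not Nmap's code.
-- Assumption: inside Nmap, nmap.port_is_excluded(portno, proto) answers from the
-- Exclude directive in nmap-service-probes. Outside Nmap we build a stand-in.

-- Parse the port list of an "Exclude" line (constructed parser, not Nmap's):
-- comma-separated ports or ranges; a T: or U: prefix selects the protocol for
-- the items that follow it; with no prefix a port applies to both protocols.
local function parse_exclude(line)
  local spec = line:gsub("^Exclude%s+", "")
  local excluded = { tcp = {}, udp = {} }
  local protos = { "tcp", "udp" }
  for item in spec:gmatch("[^,%s]+") do
    local qual, rest = item:match("^([TU]):(.*)$")
    if qual then
      protos = { qual == "T" and "tcp" or "udp" }
      item = rest
    end
    local first, last = item:match("^(%d+)%-(%d+)$")
    if not first then
      first = item:match("^(%d+)$")
      last = first
    end
    assert(first, "bad port spec: " .. tostring(item))
    for _, proto in ipairs(protos) do
      for p = tonumber(first), tonumber(last) do
        excluded[proto][p] = true
      end
    end
  end
  return excluded
end

-- Stand-in for the NSE `nmap` table, filled from a constructed Exclude line.
local nmap = {}
do
  local excluded = parse_exclude("Exclude T:9100-9107,U:9100")
  function nmap.port_is_excluded(portno, proto)
    local set = excluded[proto]
    return set ~= nil and set[portno] == true
  end
end

-- shortport-style wrapper (constructed): a single port number or a table of
-- port numbers; true if any of them is excluded for the given protocol.
local shortport = {}
function shortport.port_is_excluded(ports, proto)
  if type(ports) == "table" then
    for _, p in ipairs(ports) do
      if nmap.port_is_excluded(p, proto) then return true end
    end
    return false
  end
  return nmap.port_is_excluded(ports, proto)
end

-- A version-category portrule (constructed): only open ports, and never a port
-- that the Exclude directive removed from version detection. This is the check
-- the thread says was missing when more than one port was scanned on a host.
local function version_portrule(host, port)
  if port.state ~= "open" then return false end
  if shortport.port_is_excluded(port.number, port.protocol) then
    return false
  end
  return true
end

-- Constructed port tables shaped like the ones NSE hands to a portrule.
local samples = {
  { number = 9100, protocol = "tcp", state = "open" }, -- excluded: skip
  { number = 9100, protocol = "udp", state = "open" }, -- excluded: skip
  { number = 9108, protocol = "tcp", state = "open" }, -- past the range: run
  { number = 80,   protocol = "tcp", state = "open" }, -- not excluded: run
  { number = 80,   protocol = "tcp", state = "closed" }, -- not open: skip
}
for _, port in ipairs(samples) do
  print(string.format("%d/%s %-6s -> %s", port.number, port.protocol,
    port.state, version_portrule(nil, port) and "run" or "skip"))
end

-- The table form is where the wrapper differs from the raw binding.
print("any of {80, 9101}/tcp excluded:",
  shortport.port_is_excluded({ 80, 9101 }, "tcp"))
```

Run it with `lua` on its own; the printed lines show 9100/tcp and 9100/udp skipped while 9108/tcp and 80/tcp run, and the final line prints true because 9101 falls inside the T:9100-9107 range. Since a portrule is evaluated for exactly one port, the single-number branch is the one that matters there, which is the point Kris raises: the wrapper only earns its place if the multi-port form is used somewhere, or if shortport becomes the single place where version scripts get exclusion handling for free.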