Re: Minecraft "Insecure Mode" Detection Script

[Ron <ron () skullsecurity net>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, 11 Jan 2011 23:48:04 -0800 Fyodor <fyodor () insecure org> wrote:
> On Tue, Jan 11, 2011 at 10:04:16AM +0200, Toni Ruottu wrote:
> > As for extracting more information, I had my go at implementing the
> > protocol in greater detail. It is doable, but not that easy. The
> > protocol is very verbose, so getting the interesting information
> > requires bypassing lots of uninteresting stuff. That would not be so
> > much of a problem, but skipping a frame requires parsing it to
> > figure out how big it is based on the frame type, but also some
> > information stored in the payload.
>
> Thanks for the details!  For now I think we should leave
> minecraft-auth out of Nmap proper, and let users who want it get it
> from http://seclists.org/nmap-dev/2010/q4/729.  We can revisit that if
> we see a lot of demand from users to have it integrated, or if it is
> expanded to obtain more information from the Minecraft server.

I personally think that unless it's big, noisy, slow, or pointless, it should be included. 

Somebody doing a vulnerability scan of their network might see no vulnerabilities, even though this vulnerability 
exists. 

Ron
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)

iEYEARECAAYFAk0vTsQACgkQ2t2zxlt4g/QmjgCfVOhUgyCWeFMTcelIl61LbMS2
PbMAoKq5z+N8Y70m3VeBNV9/BFxdc9g6
=QILt
-----END PGP SIGNATURE-----
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/