Re: quake3 opportunistic portrule

[Toni Ruottu <toni.ruottu () iki fi>]

That would not be possible as many master servers are used for
multiple games simultaneously, but it also would not be correct.
Version detection is supposed to tell the protocol and possibly the
version of the server, but not what the server is used for.

When the master server is asked to provide server addresses for a game
version it is not aware of it will send an empty list, so the version
detection probe and matchline should work even when the master is not
aware of any servers for protocol 68.

We should probably call the protocol dpmaster instead of
quake3-master. Setting the product name probably does not make sense
unless we find a way of identifying different implementations of the
protocol. For example, if we could find a difference in Dpmaster and
the server IdSoftware wrote, we could use product names to underline
that.

I have attached a patch to apply instead of the earlier
quake3-master-probe patch. Here the protocol is called dpmaster. I
also removed the product name from the match line.

On Thu, Jan 6, 2011 at 10:19 PM, David Fifield <david () bamsoftware com> wrote:
> On Thu, Jan 06, 2011 at 09:47:53PM +0200, Toni Ruottu wrote:
> > The master server is not game specific. I am calling it quake3-master
> > because I got the impression that Quake3 was the first game to use the
> > protocol. The magic number 68 (in the probe) is the protocol version
> > of the game we are requesting server addresses for. I am using 68 as
> > that seems to be most common on the original quake3 master server. I
> > tried out all protocol numbers up to 100 to measure this. There are
> > also non-numeric versions, like "Nexuiz 3". These are harder to
> > analyse.
> >
> > I am working on some discovery scripts that do further analysis on
> > both the master servers and actual quake3 servers. I am not aware of
> > any other master server commands, and the response to getservers only
> > contains ports and IP addresses for game servers of the requested
> > version.
>
> I found some docs here:
>
> http://svn.icculus.org/twilight/trunk/dpmaster/doc/techinfo.txt?revision=10433&view=markup
> ftp://ftp.idsoftware.com/idstuff/quake3/docs/server.txt
>
> I agree that there doesn't look to be much room for protocol variation.
> (An exception appears to be the getserversExt command supported by this
> dpmaster.) But it also looks like it would be beneficial to try many
> different protocol numbers and game names, not just 68. What do you
> think about making this a "version" category NSE script, which sends
> whatever you think are the most likely game names/protocol numbers and
> sets the version to "quake3-master" on the first response?
>
> David Fifield

Attachment: dpmaster-probe.patch
Description:

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/