Nmap Development mailing list archives
Re: salt in version probes
From: David Fifield <david () bamsoftware com>
Date: Mon, 31 Jan 2011 03:15:23 -0800
On Mon, Jan 17, 2011 at 04:12:08PM +0200, Toni Ruottu wrote:
If it seems inconvenient to do this kind of changes at this point in the release process, I am perfectly okay with leaving the probes out. I am not even sure, if it is a good idea anyway. It is probably possible to write some kind of matchlines based on RFCs. Do we prefer this over gathering data through experimentation?
Generally the probes are based on RFCs, but the match lines are based on experiment. The important thing is to start with a probe that will get lots of different answers from different servers so that the match lines aren't all the same. Sometimes this requires creativity and not just sending what the most typical first packet for the protocol is. Sometimes error messages can be better than success messages. What other possible probes are there for Teredo and STUN? Which do you think will be the most effective? Is there a chance of combining the probe more generically with another protocol? David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- salt in version probes Toni Ruottu (Jan 14)
- Re: salt in version probes David Fifield (Jan 15)
- Re: salt in version probes Toni Ruottu (Jan 16)
- Re: salt in version probes Toni Ruottu (Jan 17)
- Re: salt in version probes David Fifield (Jan 31)
- Re: salt in version probes Toni Ruottu (Feb 06)
- Re: salt in version probes Toni Ruottu (Jan 16)
- Re: salt in version probes David Fifield (Jan 15)