Nmap Development mailing list archives

Re: salt in version probes


From: David Fifield <david () bamsoftware com>
Date: Mon, 31 Jan 2011 03:15:23 -0800

On Mon, Jan 17, 2011 at 04:12:08PM +0200, Toni Ruottu wrote:
> If it seems inconvenient to make this kind of change at this point in
> the release process, I am perfectly okay with leaving the probes out.
> I am not even sure if it is a good idea anyway. It is probably
> possible to write some kind of matchlines based on RFCs. Do we prefer
> this over gathering data through experimentation?

Generally the probes are based on RFCs, but the match lines are based on
experiment. The important thing is to start with a probe that will get
lots of different answers from different servers so that the match lines
aren't all the same. Sometimes this requires creativity and not just
sending what the most typical first packet for the protocol is.
Sometimes error messages can be better than success messages. What other
possible probes are there for Teredo and STUN? Which do you think will
be the most effective? Is there a chance of combining the probe more
generically with another protocol?

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

