Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: quake3 opportunistic portrule

From: Toni Ruottu <toni.ruottu () iki fi>
Date: Sat, 9 Apr 2011 01:48:11 +0300
I am reopening this old topic. We added a probe for detecting
quake3-master servers. We decided we should not add another probe for
detecting Dpmaster as it is just a specific implementation. I am
thinking of writing a dpmaster-version script that would run against
quake3-master servers, and check whether that server is Dpmaster or
not. Does this make sense? With the script we do not need to add
probes that get sent against all targets. Instead we can only run
version detection against ports that have already been identified as
quake3-master.

On Tue, Jan 11, 2011 at 4:36 AM, David Fifield <david () bamsoftware com> wrote:

On Mon, Jan 10, 2011 at 10:17:18AM +0200, Toni Ruottu wrote:

Here is another probe that detects the getserversExt support. Presence
of the command implies that the server is Dpmaster 2.0 or later. I put
the v/2.0/ as I could not figure out a convention for stating "or
later". Feel free to change that as you see fit. You can use
nmap -sV -p 27950 -sU -Pn master.urbanterror.net master.quake3arena.com
to test the probe. master.quake3arena.com does not support the
feature, but master.urbanterror.net does. Also master.urbanterror.net
did not know about the game I am using in the probe while I was
testing it, so it is a good test candidate.


Hmm, I'm not sure that this is an important enough protocol to have two
different version probes. Especially as the second probe is only to
distinguish one particular implementation that is already matched
(generically) by the first probe.

One one hand, this only affects a couple of ports by default, but on the
other, it will slow down everybody's --version-all.

I know I'm the one who suggested dpmaster detection, but I'm inclined
not to include this probe unless someone thinks differently.

David Fifield


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: