Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

RE: [NSE] New UPnP information gathering script

From: "Thomas Buchanan" <TBuchanan () thecompassgrp net>
Date: Fri, 11 Jan 2008 09:14:37 -0600
-----Original Message-----
From: nmap-dev-bounces () insecure org 
[mailto:nmap-dev-bounces () insecure org] On Behalf Of Gisle Vanem
Sent: Friday, January 11, 2008 8:11 AM
To: Nmap-dev
Subject: Re: [NSE] New UPnP information gathering script

"Thomas Buchanan" <TBuchanan () thecompassgrp net> wrote:


Unfortunately, I don't know any way of working around this at this
point, so those systems won't be detected by this script.  Out of
curiosity, what type of router do you have?


A Netopia Cayman 3351 ADSL router.



Thanks for the information.



The noticy msg. comes every ~3 min in groups of 16. From tshark:

 1   0.000000     10.0.0.1 -> 239.255.255.250 SSDP NOTIFY * HTTP/1.1

...

16   1.860755     10.0.0.1 -> 239.255.255.250 SSDP NOTIFY * HTTP/1.1

And the last one expanded:

Hypertext Transfer Protocol
   NOTIFY * HTTP/1.1\r\n


It looks like this device relies on active broadcasting of the UPnP
service, rather then relying on client devices to do the discovery for
themselves.  I think it's beyond the scope of the script to try and
detect these kinds of active broadcast messages.

Thomas

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
Previous By Date Next
Previous By Thread Next

Current thread: