Re: Major SIPOptions probe reorganisation

[Brandon Enright <bmenrigh () ucsd edu>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thu, 19 Jun 2008 22:31:13 -0700 or thereabouts doug () hcsw org wrote:

> On second thought, maybe moving the probe up isn't a good idea
> since it has a rarity of 5. This means that SIPOptions will be
> applied before GetRequest on unknown ports which probably is
> undesirable. I can think of two fixes:
>
> * Move SIPOptions back down and just let GetRequest be applied
>   to 5060 before SIPOptions

Doug, you probably know the service fingerprinting mechanism better
than anyone else so I trust your judgment.

If SIPOptions now has GetRequest as a fallback can't we just drop 5060
from GetRequest and SIP will be applied first before Get?

> * Boost the rarity of SIPOptions

That seems like an abuse of rarity.  I'd say a rarity of 5 is already
pushing it.  SIP really isn't *that* common.

> Comments?

I think applying probes in the order that they appear in the file
rather than in order of rarity should be changed.  We can use their
order in the file to determine probe order when two probes have the
same rarity.

We almost never have problems like this though so maybe it can just be
left the way it is.

Brandon

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)

iEYEARECAAYFAkhbSBoACgkQqaGPzAsl94K8mwCfaEQBsFupZb0D9Gp4pe20YZON
xPIAoL4nHk325a1EGRYAF7ZfUXFDex5y
=73Ab
-----END PGP SIGNATURE-----

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org