Nmap Development mailing list archives

Re: great book and small 6to4 conversion NSE script


From: David Fifield <david () bamsoftware com>
Date: Mon, 29 Dec 2008 23:16:26 -0700

On Mon, Dec 29, 2008 at 10:51:17PM +0000, Brandon Enright wrote:
> On Mon, 29 Dec 2008 22:59:19 +0100 or thereabouts Henrik Lund Kramshøj
> <hlk () kramse dk> wrote:
>
> ...snip...
>> I also attach the annoying perl script and my first try in
>> converting it - using hardcoded values for the packet. It is a nice
>> way of getting the time from a nameserver, by forcing it to return a
>> signed packet, and taking the difference from localtime.
>
>
> I've been meaning to dig through fpdns (fingerprint DNS, for those
> who haven't used it) and integrate some of its ideas into the service
> probes file. The script you attached can mostly be converted to a
> service fingerprinting probe/match pair. Depending on the format of the
> received response, we may need a routine to "unpack" a few bytes into a
> number (string) and possibly even the equivalent of perl's "localtime
> 1230590913" to convert a number to a string like "Mon Dec 29 22:48:04 UTC 2008".
>
> I'm not sure if Fyodor is open to adding relatively simplistic routines
> like that to service fingerprinting or he'd rather have NSE take over
> that sort of task. Personally, I'd prefer DNS timestamping to be a
> service fingerprinting feature.

"version" category scripts run with -sV. Is that good enough or were you
thinking of another reason for using plain version detection?

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
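The timestamp trick under discussion, as an added worked example written for this archive page; it is neither Henrik's attached perl script nor code from nmap or fpdns. It builds a query carrying a TSIG record (RFC 2845 wire format) for a key the server cannot know, so the server answers NOTAUTH with TSIG error BADKEY, a reply that itself carries a TSIG record whose 48-bit Time Signed field the responder fills in from its own clock (for BADTIME errors the server's clock additionally appears in Other Data, RFC 2845 section 4.5.2). The parser walks all sections to the TSIG record, pulls that timestamp out, and diffs it against local time; `epoch_to_string` is the "unpack a few bytes and print it like perl's localtime" routine Brandon mentions. The key name `nmap-timestamp.`, the CH TXT `version.bind` question, the fudge value and the transaction id are arbitrary choices, and `fake_badkey_reply` is a constructed server reply so the block runs offline.

```python
"""DNS TSIG timestamping: learn a nameserver's clock from the TSIG record on
its BADKEY error reply, then diff it against the local clock.
Added example for the nmap-dev thread; wire format per RFC 2845."""
import struct
import time

TSIG_TYPE = 250                          # RR type TSIG
CLASS_ANY = 255
RCODE_NOTAUTH = 9
TSIG_BADKEY = 17
TSIG_BADTIME = 18
HMAC_MD5 = "HMAC-MD5.SIG-ALG.REG.INT."   # algorithm name from RFC 2845
DAYS = ["Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun"]
MONTHS = ["Jan", "Feb", "Mar", "Apr", "May", "Jun",
          "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"]


def encode_name(name):
    """Encode a dotted name as uncompressed DNS labels."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def skip_name(buf, off):
    """Return the offset just past a (possibly compressed) name starting at off."""
    while True:
        length = buf[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:        # compression pointer: two bytes, ends the name
            return off + 2
        off += 1 + length


def tsig_rdata(time_signed, fudge, mac, orig_id, error, other=b""):
    """TSIG RDATA: alg name, 48-bit time signed, fudge, MAC, original id, error, other."""
    return (encode_name(HMAC_MD5)
            + struct.pack("!HIHH", time_signed >> 32, time_signed & 0xFFFFFFFF, fudge, len(mac))
            + mac + struct.pack("!HHH", orig_id, error, len(other)) + other)


def build_tsig_query(qname="version.bind.", key_name="nmap-timestamp.", now=None, txid=0x4E4D):
    """CH TXT query for qname with a TSIG signed under a key the server has never seen.
    The MAC is deliberately garbage: we want a BADKEY reply, not a verified signature."""
    if now is None:
        now = int(time.time())
    header = struct.pack("!6H", txid, 0x0100, 1, 0, 0, 1)         # RD set; 1 question, 1 additional
    question = encode_name(qname) + struct.pack("!HH", 16, 3)    # TYPE TXT, CLASS CH
    rdata = tsig_rdata(now, 300, b"\x00" * 16, txid, 0)
    tsig = encode_name(key_name) + struct.pack("!HHIH", TSIG_TYPE, CLASS_ANY, 0, len(rdata)) + rdata
    return header + question + tsig


def parse_tsig(packet):
    """Walk every section of packet; return the fields of its TSIG record, or None."""
    _txid, flags, qd, an, ns, ar = struct.unpack_from("!6H", packet, 0)
    off = 12
    for _ in range(qd):
        off = skip_name(packet, off) + 4                          # QTYPE + QCLASS
    for _ in range(an + ns + ar):
        off = skip_name(packet, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack_from("!HHIH", packet, off)
        off += 10
        if rtype != TSIG_TYPE:
            off += rdlen
            continue
        r = skip_name(packet, off)                                # algorithm name
        hi, lo, _fudge, mac_size = struct.unpack_from("!HIHH", packet, r)
        r += 10 + mac_size                                        # skip the MAC
        _orig_id, error, other_len = struct.unpack_from("!HHH", packet, r)
        info = {"rcode": flags & 0xF, "tsig_error": error, "time_signed": (hi << 32) | lo}
        if error == TSIG_BADTIME and other_len == 6:              # server clock also in Other Data
            ohi, olo = struct.unpack_from("!HI", packet, r + 6)
            info["other_time"] = (ohi << 32) | olo
        return info
    return None


def server_clock_offset(reply, local_now):
    """Seconds the server's clock is ahead (+) or behind (-) ours; None if no TSIG came back."""
    info = parse_tsig(reply)
    if info is None:
        return None
    return info.get("other_time", info["time_signed"]) - local_now


def epoch_to_string(t):
    """Locale-independent stand-in for perl's localtime/gmtime string form."""
    tm = time.gmtime(t)
    return "%s %s %2d %02d:%02d:%02d UTC %d" % (DAYS[tm.tm_wday], MONTHS[tm.tm_mon - 1],
                                                tm.tm_mday, tm.tm_hour, tm.tm_min, tm.tm_sec, tm.tm_year)


def fake_badkey_reply(query, server_time):
    """CONSTRUCTED sample reply from a server that does not know the key:
    NOTAUTH, TSIG error BADKEY, empty MAC, Time Signed = the server's own clock."""
    txid, _flags, qd, _an, _ns, _ar = struct.unpack_from("!6H", query, 0)
    q_end = 12
    for _ in range(qd):
        q_end = skip_name(query, q_end) + 4
    key_end = skip_name(query, q_end)                             # question + TSIG owner name
    header = struct.pack("!6H", txid, 0x8180 | RCODE_NOTAUTH, qd, 0, 0, 1)
    rdata = tsig_rdata(server_time, 300, b"", txid, TSIG_BADKEY)
    return header + query[12:key_end] + struct.pack("!HHIH", TSIG_TYPE, CLASS_ANY, 0, len(rdata)) + rdata


if __name__ == "__main__":
    local_now = int(time.time())
    reply = fake_badkey_reply(build_tsig_query(now=local_now), local_now - 90)   # server 90 s slow
    print("server time:", epoch_to_string(parse_tsig(reply)["time_signed"]),
          "offset:", server_clock_offset(reply, local_now))
```

Against a live server, send `build_tsig_query()` to UDP port 53 with a plain socket and hand the datagram you get back to `server_clock_offset`; a server that strips or never adds a TSIG returns `None`, and one that answers BADTIME rather than BADKEY is handled through the Other Data branch.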