Nmap Development mailing list archives
Re: [PATCH] Extended SSL support in Nmap
From: doug () hcsw org
Date: Sat, 21 Feb 2009 21:38:55 +0000
Hi Kristof, Thanks for looking into version detection/SSL so deeply. There are usually a few fingerprints for SSL services that weren't properly matched though I think recent versions of Nmap have gotten better because it mostly seems to be outdated nmap versions that send these. Would it be possible to keep the SSLSessionReq probe name? The thing is that we often get fingerprints from old versions of Nmap and they will all use the probe name SSLSessionReq which will make it difficult to test them against an nmap-service-probes that doesn't have this probe. I like how your patch doesn't modify the probe string sent by the SSL probe. This is good because there are other non-SSL services that are matched by the SSLSessionReq probe. If the probe string changed it might obsolete those match lines and we'd have to start over with those services. Off the top of my head, AFP and tor are two services matched by this probe. Anyways your patch is looking good as it sounds like it will increase Nmap's SSL coverage. But this could potentially be a big change so we should make sure we think it all the way through. And of course any modifications to the system need to be documented: http://nmap.org/book/vscan-post-processors.html#vscan-ssl-postprocess I think at least it will need to be made clear that there are multiple services that will be passed to SSL post processing (if available), not just ssl but now tlsv1, sslv3, sslv2, etc. As Fyodor said it might make more sense just to keep using ssl for everything unless there's a really compelling reason otherwise. Hope this helps, Doug
Attachment:
_bin
Description:
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- [PATCH] Extended SSL support in Nmap Kristof Boeynaems (Feb 21)
- Re: [PATCH] Extended SSL support in Nmap Kristof Boeynaems (Feb 21)
- Re: [PATCH] Extended SSL support in Nmap Brandon Enright (Feb 21)
- Re: [PATCH] Extended SSL support in Nmap Kristof Boeynaems (Feb 21)
- Re: [PATCH] Extended SSL support in Nmap Brandon Enright (Feb 21)
- Re: [PATCH] Extended SSL support in Nmap Kristof Boeynaems (Feb 21)
- Re: [PATCH] Extended SSL support in Nmap doug (Feb 21)
- Re: [PATCH] Extended SSL support in Nmap Kristof Boeynaems (Feb 21)
- Re: [PATCH] Extended SSL support in Nmap, review David Fifield (Mar 02)
- Re: [PATCH] Extended SSL support in Nmap, review Kristof Boeynaems (Mar 03)
- Re: [PATCH] Extended SSL support in Nmap, review David Fifield (Mar 03)
- Re: [PATCH] Extended SSL support in Nmap, review Kristof Boeynaems (Mar 22)
- Re: [PATCH] Extended SSL support in Nmap, review David Fifield (Mar 30)
- Re: [PATCH] Extended SSL support in Nmap, review Kristof Boeynaems (Mar 31)
- Re: [PATCH] Extended SSL support in Nmap, review David Fifield (Mar 31)
- Re: [PATCH] Extended SSL support in Nmap, review Kristof Boeynaems (Mar 03)