Re: [PATCH] Extended SSL support in Nmap, review

[David Fifield <david () bamsoftware com>]

On Tue, Mar 31, 2009 at 01:09:47PM +0200, Kristof Boeynaems wrote:
> You are right though, that this line is identical to the Nessus match
> line. In an earlier patch (see
> http://seclists.org/nmap-dev/2009/q1/0357.html), I commented out the
> lines that were "too generic" (in my opinion), but I did not do that
> in this patch, as I wanted to interfere as little as possible with
> existing match lines. I copied these other "too generic" match lines
> again below for your information:
>
>  #Too generic#match ssl m|^\x16\x03\0\0J\x02\0\0F\x03\0| p/OpenSSL/
>  #Too generic#match ssl m|^\x16\x03\0..\x02\0\0F\x03\0|s p/Microsoft
> IIS SSL/ o/Windows/
>  #Too generic#match ssl m|^\x16\x03\0\0\*\x02\0\0&\x03\0|
>  #Too generic#match ssl m|^\x16\x03\x01\0J\x02\0\0F\x03\x01| p/Nessus
> security scanner/
>
> Compare this too the new generic SSLv3 ServerHello match line:
>
>  match ssl m|^\x16\x03\0..\x02...\x03\0| p/SSLv3/

I integrated the patch, thanks! I calculated a 13% increase in the
number of SSL ports found from your test results, which is a nice
improvement. I left in a few of the specific match lines (the OpenSSL
one and the IIS one), on the off chance that the values returned really
are specific to those implementations. In any case it matters little,
because normally the SSL scan-through will begin after that and forget
that information.

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org