Nmap Development mailing list archives
Re: SIP version detection script
From: Patrik Karlsson <patrik () cqure net>
Date: Wed, 25 Nov 2009 00:13:35 +0100
On 24 nov 2009, at 23.58, Fyodor wrote:
On Tue, Nov 24, 2009 at 09:01:36AM +0100, Patrik Karlsson wrote:I have an updated script that does that and works against 5060/tcp and 5061/tcp (SIP TLS). However, as I posted earlier I realized that there is a static probe in nmap-service-probes that already works against 5060/tcp. So I'm guessing that same probe could be sent to 5060/udp as well and make my script redundant?Hi Patrik. Thanks for sending your SIP script, and you make a good point here about the existing static probe. In general, it is best to handle version detection using that subsystem (e.g. nmap-service-probes) rather than NSE. Nmap-service-probes is less powerful and flexible, but more efficient to execute and maintain. But it can only handle 1 static probe and a regex-parseable response. I see that your script uses a more dynamic probe containing the source IP address, etc. Maybe you can experiment with 5060/udp and see if you can get the same version information with just a version detection probe and match line(s) in nmap-service-probes? Like we do for TCP. That would be the ideal case. If that cannot be done, your new SIP script is a great fallback option. Cheers, -F
Hi Fyodor, Thanks for the explanation. It turned out that there's no need for that dynamic stuff to be in there in order to trigger a response, at least not for the equipment I tested it against using the static probe already in nmap. I did a quick test against UDP using the static probe and got answers back that seemed equivalent to those recieved over TCP. For some reason they failed to match any of the existing lines though? //Patrik _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- SIP version detection script Patrik Karlsson (Nov 22)
- Re: SIP version detection script Matt Selsky (Nov 22)
- Re: SIP version detection script Patrik Karlsson (Nov 23)
- Re: SIP version detection script Matt Selsky (Nov 24)
- Re: SIP version detection script Patrik Karlsson (Nov 24)
- Re: SIP version detection script Matt Selsky (Nov 25)
- Re: SIP version detection script David Fifield (Nov 25)
- Re: SIP version detection script Patrik Karlsson (Nov 23)
- Re: SIP version detection script Matt Selsky (Nov 22)
- Re: SIP version detection script Patrik Karlsson (Nov 24)
- Re: SIP version detection script Fyodor (Nov 24)
- Re: SIP version detection script Patrik Karlsson (Nov 24)
- Re: SIP version detection script Matt Selsky (Nov 25)
- Re: SIP version detection script Patrik Karlsson (Nov 25)
- Re: SIP version detection script Matt Selsky (Nov 25)
- Re: SIP version detection script Patrik Karlsson (Nov 25)
- Re: SIP version detection script David Fifield (Nov 25)
- Re: SIP version detection script Patrik Karlsson (Nov 26)
- Re: SIP version detection script Matt Selsky (Nov 30)
- Re: SIP version detection script David Fifield (Dec 12)