Re: SIP version detection script

[David Fifield <david () bamsoftware com>]

On Tue, Dec 01, 2009 at 01:50:11AM -0500, Matt Selsky wrote:
> On Nov 26, 2009, at 10:46 AM, Patrik Karlsson wrote:
> > On 26 nov 2009, at 02.54, David Fifield wrote:
> >
> > > This patch is looking great and I have committed it in r16209. I have
> > > one question--is it worth adding "sslports 5061" to the TCP SIPOptions
> > > probe? Does someone have that set up so they can test it?
> >
> > I tested adding the sslports 5061 to the probe. It got me the same results but in a third of the time it took 
> > without it.
>
> And the patch:
>
> diff --git a/nmap-service-probes b/nmap-service-probes
> index 808f263..883a901 100644
> --- a/nmap-service-probes
> +++ b/nmap-service-probes
> @@ -6884,6 +6884,7 @@ match ldap m|^0.\x02.*TLS confidentiality required|s i/TLS required/
>  Probe TCP SIPOptions q|OPTIONS sip:nm SIP/2.0\r\nVia: SIP/2.0/TCP nm;branch=foo\r\nFrom: <sip:nm@nm>;tag=root\r\nTo: 
> <sip:nm2@nm2
>  rarity 5
>  ports 406,5060
> +sslports 5061
>  fallback GetRequest
>  # Some VoIP phones take longer to respond
>  totalwaitms 7500

Thanks, committed.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/