Nmap Development mailing list archives

Re: Quake 3 query script submission


From: David Fifield <david () bamsoftware com>
Date: Mon, 18 Jan 2010 12:35:27 -0700

On Mon, Jan 18, 2010 at 01:18:47PM -0600, Mak Kolybabi wrote:
> > I had the same thought as Fyodor, which is that it would be best to
> > somehow probe the target itself to see if it's running a server, if
> > that's possible. How does it work? Is the server for a game always
> > (or usually) running on a standard port, or does it pick a random
> > port and users have to go through a master to find it? In the second
> > case the job is more difficult, but it would still be good to have
> > some indication that a target may be running a game server before
> > hitting an external host.
>
> These game servers work like many other services in that they have a default
> port (e.g., 26000 for Nexuiz), but you can easily change them to any other port.
> For example, I just queried the master servers for the list of public Nexuiz
> servers and got the following most common ports:
> - 26000: 85 servers
> - 26001: 16 servers
> - 26002: 9 servers
> - 26003: 7 servers
> - 26004: 6 servers
> So I'd agree that it's reasonable to query the default ports and maybe five to
> ten ports after it to catch maybe half of the cases.

That's a good idea. We already have the name "quake" for 26000/udp in
nmap-services, and 26001, 26002, 26005, and 26007 were common enough to
be included (as "unknown"). I think it's fine to have the script run if
any of the ports 26000-26004 are open. Then you can look up server
information from the master server. Getting the information directly
from the game server instead of from a third party is better, if that's
possible.

If you know of a probe for server status or something like that, send it
to us and we may add it to nmap-service-probes. If it's a safe probe
without side effects, we can add it to the UDP payloads list too. That
will make scanning for game servers quick and accurate.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
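
Added example, not part of the original message and not Nmap code: a sketch of the direct server query discussed above, trying UDP ports 26000-26004 before any master server is contacted. It assumes the target speaks the Quake 3-style connectionless `getstatus` protocol (that a given Nexuiz server answers it is an assumption); the function names and the sample reply are constructed for illustration.

```python
"""Added example: Quake 3-style connectionless status query (constructed data)."""
import socket

OOB = b"\xff\xff\xff\xff"                 # out-of-band (connectionless) packet prefix
PROBE = OOB + b"getstatus"                # read-only status request
CANDIDATE_PORTS = range(26000, 26005)     # 26000-26004, the range proposed in the thread


def parse_status(datagram):
    """Return (settings dict, player lines), or None if this is not a status reply."""
    header = OOB + b"statusResponse\n"
    if not datagram.startswith(header):
        return None
    lines = datagram[len(header):].decode("latin-1").split("\n")
    fields = lines[0].split("\\")[1:]     # leading backslash yields an empty first item
    if len(fields) % 2:                   # truncated key/value list: drop the dangling key
        fields = fields[:-1]
    info = dict(zip(fields[0::2], fields[1::2]))
    players = [p for p in lines[1:] if p]
    return info, players


def query(host, port, timeout=2.0):
    """Send one probe to one UDP port; None on timeout, socket error or non-status reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(PROBE, (host, port))
            data, _ = s.recvfrom(4096)
        except OSError:                   # includes socket.timeout
            return None
    return parse_status(data)


def first_game_server(host, ports=CANDIDATE_PORTS, query_fn=query):
    """Return (port, info, players) for the first port that answers, else None."""
    for port in ports:
        result = query_fn(host, port)
        if result is not None:
            return (port,) + result
    return None


# Constructed sample reply, not captured from a real server.
SAMPLE = (OOB + b"statusResponse\n"
          b"\\sv_maxclients\\16\\mapname\\q3dm17\\sv_hostname\\Example Server\n"
          b'12 48 "PlayerOne"\n'
          b'3 120 "PlayerTwo"\n')
```

Only when `first_game_server` returns a result would a script have the "indication that a target may be running a game server" that the thread asks for before hitting an external host.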

