Re: Lexmark script

[David Fifield <david () bamsoftware com>]

On Sat, Jan 23, 2010 at 10:36:04AM +0100, Patrik Karlsson wrote:
> On 23 jan 2010, at 01.32, David Fifield wrote:
> > I'm confused. In the new version of this script, the portrule lets the
> > script run when port 9100/udp is open, but then goes on to send a probe
> > to 5353/udp. Which port is the service you're querying running on? What
> > do you get when you probe port 9100 directly?
> >
> >     portrule = shortport.portnumber(9100, "udp")
> >     local response = try( dns.query( "", { port = 5353, host = host.ip, dtype="PTR", retPkt=true} ) )
> >
> > Your previous portrule would have allowed the script to run if either
> > port was open, and I'm confused about which port was really being
> > targeted.
>
> Sorry for the confusion. Now, that I've looked at it closer, it works
> both against 9100/udp and 5353/udp. I have updated the script on my
> blog to work with both.
>
> > I know I said that the protocol didn't look like DNS-SD, but it's
> > strange to run something on port 5353 that's almost but not quite
> > DNS-SD. What does dns-service-discovery sa about this device, if
> > anything?
>
> The dns-service-discovery script does not work because it contains a
> query.  The query section must be left empty in order to trigger a
> response.  The service will also trigger a response when it receives
> the NTP probe which doesn't decode as a DNS-SD packet either. I
> previously tried to make the NTP probe shorter in order to find what
> triggers the response and was able to remove a few bytes from the NTP
> probe and still receive a response. So, basically your right the query
> doesn't look all that DNS-SD even though what the script is sending is
> basically DNS-SD with an empty query.

Thanks for the explanation. It looks good and you may commit it.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/