Re: Quake 3 query script submission

[David Fifield <david () bamsoftware com>]

On Fri, Jan 29, 2010 at 05:54:03PM -0600, Mak Kolybabi wrote:
> On 2010-01-26 15:17, David Fifield wrote:
> > When you send in your next results, please also include the raw fingerprints
> > that Nmap prints out (the SF: lines).
>
> I've made updated probes (restricted to only the default ports) and
> anchored match lines as part of the attached diff. The SF lines for
> every game server are also attached.

Thanks! I've committed your patch with some changes. I made the service
name "quake2" for Alien Arena and "quake3" for the other games because
it seems to be the same basic protocol. I added in port ranges up to +4
for the ranges you identified before.

I tried to extract the version string for each server using the
fingerprints you sent as an example. I don't know if the fields in the
response are allowed to change their order, but if they are it might
break these more restrictive matches. If that happens, let us know and
we'll add in another match for the other order.

The probes seem pretty safe, so I also made them into UDP payloads.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/