Nmap Development mailing list archives
RE: [NSE] SSL Fingerprint Matching
From: "Rob Nicholls" <robert () robnicholls co uk>
Date: Thu, 6 Jan 2011 20:19:03 -0000
The latest Debian SSL blacklist file at https://launchpad.net/ubuntu/natty/+source/openssl-blacklist appears to be 31.4MB at the moment using tar.gz (uncompressed, that takes up 72MB). Even if we keep it compressed, this is more than double the size of Nmap's current Apple installer, and increases the Windows setup/source code downloads by around 150%! If we distribute it uncompressed due to a lack of compression libraries, you're looking at some major increases in bandwidth (e.g. 91MB vs 19MB on Windows). Rob -----Original Message----- From: nmap-dev-bounces () insecure org [mailto:nmap-dev-bounces () insecure org] On Behalf Of Mak Kolybabi Sent: 06 January 2011 20:09 To: Toni Ruottu Cc: nmap-dev; Arturo 'Buanzo' Busleiman Subject: Re: [NSE] SSL Fingerprint Matching On 2011-01-06 22:01, Toni Ruottu wrote:
Nice work. Why are we worried about the fingerprint file size? Nmap all ready ships with operating system detection and software version identifying databases. How big do we expect the SSL fingerprint file to
become? Depends on how much info we want to include with each fingerprint. Right now, I've trimmed it down to the minimum of just saying where it came from originally, removing all the model/manufacturer/version info. The other thing that could make the file size balloon is including the Debian SSL blacklist. I believe those are in the tens of megabytes. -- Mak Kolybabi <mak () kolybabi com> () ASCII Ribbon Campaign | Against HTML e-mail /\ www.asciiribbon.org | Against proprietary extensions _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/ _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Re: [NSE] SSL Fingerprint Matching Toni Ruottu (Jan 06)
- Re: [NSE] SSL Fingerprint Matching Mak Kolybabi (Jan 06)
- RE: [NSE] SSL Fingerprint Matching Rob Nicholls (Jan 06)
- Re: [NSE] SSL Fingerprint Matching Toni Ruottu (Jan 06)
- RE: [NSE] SSL Fingerprint Matching Rob Nicholls (Jan 06)
- Re: [NSE] SSL Fingerprint Matching Toni Ruottu (Jan 06)
- Re: [NSE] SSL Fingerprint Matching Fyodor (Jan 06)
- Re: [NSE] SSL Fingerprint Matching Mak Kolybabi (Jan 06)
- <Possible follow-ups>
- Re: [NSE] SSL Fingerprint Matching David Fifield (Feb 22)
- Re: [NSE] SSL Fingerprint Matching Fyodor (Feb 23)
- Re: [NSE] SSL Fingerprint Matching Toni Ruottu (Mar 17)
- Re: [NSE] SSL Fingerprint Matching Mak Kolybabi (Mar 18)
- Re: [NSE] SSL Fingerprint Matching Fyodor (Feb 23)
- Re: [NSE] SSL Fingerprint Matching Mak Kolybabi (Mar 20)
- Re: [NSE] SSL Fingerprint Matching David Fifield (Mar 22)