Re: xmpp.nse

[Vasiliy Kulikov <segooon () gmail com>]

On Sat, May 07, 2011 at 14:28 -0700, David Fifield wrote:
> On Mon, Apr 18, 2011 at 12:15:44PM -0700, David Fifield wrote:
> > I would prefer that the script not do a DNS SRV lookup. Other NSE
> > scripts don't work that way; rather, they have a portrule that causes
> > the script to be run when the script already appears to be the right
> > service. The way it is written now, the script will run for every host
> > (that is not identified by only an IP address).
>
> Since making this comment, I've learned a bit more about how XMPP works.
> Is it true that the SRV lookup is needed in some cases, for example with
> Google Talk?

Yes, gmail.com doesn't answer on 5222 port (it's filtered).  To connect
to gmail.com you have to resolve _xmpp-client._tcp.gmail.com and connect
to the hostname in SRV answer.

> If so, I do not object to adding this part back in, as long
> as it is carefully written so it doesn't run against every host.

Is there any script that resolves MX record for the target?  If yes, it
can be natively extended by resolving SRV _xmpp-client._tcp and
_xmpp-server._tcp.  The only thing is that most of jabber servers need
their original DNS name (before SRV resolution) and I see no simple way
to automatically pass it from DNS resolution to the actual host scan.
A plain addition the resolved name to the list of scanned hosts with the
saved DNS name is probably not the best way - it is not intuitively
clear to the user.

Thanks,

-- 
Vasiliy
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/