Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: nse unusual-port ident bug

From: Patrik Karlsson <patrik () cqure net>
Date: Sat, 26 Nov 2011 19:07:11 +0100
Hmm, the script design seemed like a good idea at the time of the writing
but now maybe not so much.
What happens is that the script loads the nmap-services file in order to
avoid duplicating service info into a static table.
It then runs as a portrule for each open port and attempts to match the
name of the service, as discovered by the service scan, against the entry
for that port number in the nmap-services file.
In this case, the entry in nmap-services says "auth" while the
service/version scan recognizes the port as "ident".
While, to the best of my knowledge, this is essentially the same service
there's a discrepancy between the entries in the file nmap-services and
nmap-service-probes.

I see two different solution:
1. Make sure that the service names in the two different files are properly
aligned
2. Create an alternative smaller table in the unusual-port script that
contains a subset of the services

Not sure how to proceed here, ideas and feedback is welcome.

//Patrik

On Sat, Nov 26, 2011 at 5:37 PM, Josh Greenwood <joshgreenwood () gmail com>wrote:


Hi,

unusual-port is reporting that ident on tcp/113 is unexpected.

Scan:
./nmap -sS -sV --script=scripts/unusual-port.nse -p113 192.168.0.1

Output:
PORT    STATE SERVICE VERSION
113/tcp open  ident
|_unusual-port: ident unexpected on port tcp/113

I'm using revision 27258.

Thanks,
Josh





-- 
Patrik Karlsson
http://www.cqure.net
http://twitter.com/nevdull77
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: