Nmap Development mailing list archives
Re: [RFC][NSE] Modify shortport.ssl and shortport.http to avoid tcpwrapped services
From: Daniel Miller <bonsaiviking () gmail com>
Date: Mon, 17 Sep 2012 15:32:08 -0500
On 09/14/2012 04:40 PM, David Fifield wrote:
> On Fri, Sep 14, 2012 at 04:28:55PM -0500, Daniel Miller wrote:
>> Checking into the shortport.ssl function, I thought that it could be extended to check for tcpwrapped services (while still matching ssl-tunnelled services that get detected as tcpwrapped).
>
> It looks fine to me. Here,
>
>> I also added the functionality to shortport.http, and made it match if Version detection labels a service http. Here's the patch:
>>
>> +http = function (host, port) + return port.version.name == "http" or + ( port.version.name ~= "tcpwrapped" and + port_or_service(LIKELY_HTTP_PORTS, LIKELY_HTTP_SERVICES)(host, port)) +end
>
> "if Version detection labels a service http": it already does that. "http" is in LIKELY_HTTP_SERVICES. I think the check return port.version.name == "http" is redundant.
>
> David Fifield

I'm abandoning this change, since in some of my testing, services that were detected as "tcpwrapped" actually succeeded later in responding to SSL probes from NSE. I'm guessing this is due to the timing options of my scan (especially --max-retries=1) leading to dropped packets and/or rate limiting by the targets.

I'm open to suggestions from the list on how to modify scripts to gracefully handle timeouts (which would be the case if the service were truly tcpwrapped).

Dan
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
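Review bot: the first operand of the return in the quoted shortport.http hunk, `port.version.name == "http"`, repeats a match that `port_or_service(LIKELY_HTTP_PORTS, LIKELY_HTTP_SERVICES)` already makes, since the reply quoted in this message notes that "http" is in LIKELY_HTTP_SERVICES; dropping it leaves only the `port.version.name ~= "tcpwrapped"` guard in front of the existing rule. That guard also has no comment saying why tcpwrapped ports are excluded, and this message reports services labelled "tcpwrapped" that later answered SSL probes from NSE, so a comment on the rule stating that such ports will be skipped would document the trade-off for script authors who rely on it.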