Nmap Development mailing list archives

Re: [NSE] False timestamp in ssl-date

From: nnposter () users sourceforge net
Date: Thu, 7 Aug 2014 23:00:25 +0000

nnposter wrote:

Personally I would have preferred to keep the original quick-success
clause and call the first sample good enough if it does not differ
substantially from the scanner clock. Its main advantage is that it
eliminates the forced sleep (and two additional connections/handshakes)
in most cases. (It would be easy to add it back. If the concern is
a false-positive match then we could be less tolerant than the original
+/- 15 minutes.)


The quick-success clause can be implemented with the additional patch
below (applied on top of the first patch).


Cheers,
nnposter


--- scripts/ssl-date.nse.orig   2014-08-07 15:53:20.340222800 -0600
+++ scripts/ssl-date.nse        2014-08-07 16:30:45.992819400 -0600
@@ -162,20 +162,24 @@
 
 
 action = function(host, port)
-  local reftm = get_time_sample(host, port)
-  if not reftm then
+  local tm = get_time_sample(host, port)
+  if not tm then
     return stdnse.format_output(false, "Unable to obtain data from the target")
   end
-  local status, tm = test_time_sample(host, port, reftm)
-  if status and status == result.STAGNANT then
-    stdnse.sleep(1.1)
+  if math.abs(tm.delta) > 5*60 then
+    local reftm = tm
+    local status
     status, tm = test_time_sample(host, port, reftm)
-  end
-  if not status then
-    return stdnse.format_output(false, "Unable to obtain data from the target")
-  end
-  if status ~= result.ACCEPTED then
-    return stdnse.format_output(false, "TLS randomness does not represent time")
+    if status and status == result.STAGNANT then
+      stdnse.sleep(1.1)
+      status, tm = test_time_sample(host, port, reftm)
+    end
+    if not status then
+      return stdnse.format_output(false, "Unable to obtain data from the target")
+    end
+    if status ~= result.ACCEPTED then
+      return stdnse.format_output(false, "TLS randomness does not represent time")
+    end
   end
 
   local output = {
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/

Current thread:

[NSE] False timestamp in ssl-date nnposter (Aug 01)
- Re: [NSE] False timestamp in ssl-date Daniel Miller (Aug 01)
- Re: [NSE] False timestamp in ssl-date David Fifield (Aug 01)
  - Re: [NSE] False timestamp in ssl-date nnposter (Aug 07)
    - Re: [NSE] False timestamp in ssl-date nnposter (Aug 07)
    - Re: [NSE] False timestamp in ssl-date Fyodor (Aug 16)
    - Re: [NSE] False timestamp in ssl-date nnposter (Aug 18)
    - Re: [NSE] False timestamp in ssl-date Daniel Miller (Aug 20)
    - Re: [NSE] False timestamp in ssl-date nnposter (Aug 22)