Hi Tavaris!
The most comprehensive description of the rarity technique is here:
http://insecure.org/nmap/vscan/vscan-technique.html#vscan-selection-and-rarity
The values were assigned fairly arbitrarily. The idea is to make it convenient
to choose the number of probes applied by changing the version intensity value.
Probes with a rarity of 7 or below are tried by default. Certain probes are just
too rare or specific to be tried by default so they have an higher rarity value.
No, there wasn't any formal method to choosing the rarity values. Fyodor and I
just chose values that seemed to work well. I'm sure we'd be open to suggestions
on how to improve the rarity values!
Best,
Doug
On Fri, Feb 02, 2007 at 09:08:18AM -0500 or thereabouts, Thomas Tavaris J (Tavaris) wrote:
>
> Hello.
>
> In the nmap-service-probes file, there is an attribute called "rarity"
> assigned to the different types of service probes.
>
> Can anyone tell me how these values were assigned? I see that the
> default is "5" (the avg). Were they based (assigned) on observations of
> services seen running in the wild?
>
> Is there any formal method to the rarity attribute value?
>
>
> -Tavaris
>
> _______________________________________________
> Sent through the nmap-dev mailing list
> http://cgi.insecure.org/mailman/listinfo/nmap-dev
> Archived at http://SecLists.Org
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
Received on Feb 02 2007
Intro
