Home page logo
/

nmap-dev logo Nmap Development mailing list archives

RE: NSE issue with shortport
From: "Thomas Buchanan" <TBuchanan () thecompassgrp net>
Date: Thu, 15 Nov 2007 17:04:53 -0600

-----Original Message-----
From: nmap-dev-bounces () insecure org 
[mailto:nmap-dev-bounces () insecure org] On Behalf Of Thomas Buchanan
Sent: Thursday, November 15, 2007 3:13 PM
To: Matthew Boyle
Cc: nmap-dev () insecure org
Subject: RE: NSE issue with shortport

-----Original Message-----
From: nmap-dev-bounces () insecure org 
[mailto:nmap-dev-bounces () insecure org] On Behalf Of Matthew Boyle
Sent: Thursday, November 15, 2007 2:51 PM
To: nmap-dev () insecure org
Subject: RE: NSE issue with shortport


something like this?

it automatically sets the port to have a new reason 
("script-set") when you modify its state.  mostly this is a 
lot easier than finding the correct reason_code from the 
user's (possibly ambiguous or incorrect) string, but also 
because i think this is a more accurate representation of 
what happened.  though i suppose we could guess that, say, a 
UDP port is being set to "open" because we've received a 
udp-response).


It works well in the brief testing I did.  Another scenario 
to consider
is when the service / version detection system changes the port state.
Not sure if something separate from "script-set" would be called for
there, or as you suggest, it should just use {protocol}-response as a
reason.
 


Replying to myself, not a good sign.  The following patch should be
carefully reviewed :)

Here's a quick patch to service_scan.cc to update the port reason when a
port's state is changed due to a response during service detection.

I'm not sure the TCP option is needed (can we have a TCP port whose
state == PORT_OPENFILTERED ?), but it's included for completeness.

Thomas

Attachment: service-reason.patch
Description: service-reason.patch


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]