Re: m|| versus m||s in nmap-service-probes
From: doug () hcsw org
Date: Sat, 15 Dec 2007 16:22:07 -0800
On Mon, Dec 10, 2007 at 11:19:31AM +0100 or thereabouts, Lionel Cons wrote:
> Most (all?) of these patterns dealing with binary data should IMHO use
> m||s instead of m||.
> I append below a list of patterns that seem to match binary data but I
> think that all patterns should be reviewed manually to check whether
> the "s" option is used correctly or not.

Thanks for doing this! I went through your list of match lines and
added the s modifier to most of them and committed the new version

Especially for cases like X11, I consider not having the s modifier
on these lines to be a bug. I have had to go back and add them
before in the past! Your perl script was a great idea and I
think will result in more accurate version scans against many
binary services including X11 and postgres.

Thanks again for all your suggestions!

PS. This change does touch a lot of match lines, however, and
although I don't expect any problems, any testing of the new
probes file is of course appreciated.

PPS. I didn't add s modifiers to any of the telnet probes
because I didn't think it was necessary. Although telnetds
often do spit out lots of binary crap, I still usually think
of them as ASCII, line based protocols.
Sent through the nmap-dev mailing list
Archived at http://SecLists.Org
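
The effect of the missing `s` option discussed in this thread, as an added example that is not part of the original messages and is not the Perl script they mention: without `s`, `.` does not match byte 0x0a, so a binary banner that happens to contain that byte fails an otherwise correct match line. The match lines, the banner and the `needs_s` heuristic are constructed assumptions, and Python's `re.DOTALL` stands in for the PCRE `s` option.

```python
import re

# Constructed match lines in nmap-service-probes syntax (not from the real file).
SAMPLE = r"""
match demo-bin m|^\x01\0\x0b\0.{4}Demo ([\d.]+)| p/Demo service/ v/$1/
match demo-bin m|^\x01\0\x0b\0.{4}Demo ([\d.]+)|s p/Demo service/ v/$1/
match demo-text m|^220 Demo FTP ready\r\n| p/Demo FTP/
""".strip()

# Constructed banner: the 4-byte field after the header happens to contain 0x0a.
BANNER = b"\x01\x00\x0b\x00" + b"\x00\x00\x0a\x00" + b"Demo 1.2"

MATCH_RE = re.compile(r"^(?:soft)?match\s+(\S+)\s+m(.)(.*?)\2([is]*)(?:\s|$)")

def parse(line):
    """Return (service, pattern, flags) for a match/softmatch line, else None."""
    m = MATCH_RE.match(line)
    return (m.group(1), m.group(3), m.group(4)) if m else None

def has_wildcard_dot(pattern):
    """True if an unescaped '.' remains outside escapes and [...] classes."""
    stripped = re.sub(r"\\.|\[(?:\\.|[^\]])*\]", "", pattern)
    return "." in stripped

def needs_s(pattern, flags):
    """Heuristic (assumption): binary escapes plus a wildcard dot, but no 's'."""
    binary = re.search(r"\\x[0-9a-fA-F]{2}|\\0", pattern) is not None
    return binary and has_wildcard_dot(pattern) and "s" not in flags

def audit(text):
    """List (line number, service) for match lines that look like they need 's'."""
    parsed = [(n, parse(l)) for n, l in enumerate(text.splitlines(), 1)]
    return [(n, p[0]) for n, p in parsed if p and needs_s(p[1], p[2])]

def try_match(pattern, flags, banner):
    """Apply the pattern to raw bytes; 's' maps to DOTALL, 'i' to IGNORECASE."""
    opts = (re.DOTALL if "s" in flags else 0) | (re.IGNORECASE if "i" in flags else 0)
    return re.search(pattern.encode("latin-1"), banner, opts) is not None

if __name__ == "__main__":
    print("lines that look like they need 's':", audit(SAMPLE))
    for line in SAMPLE.splitlines()[:2]:
        _, pat, fl = parse(line)
        print(f"flags={fl!r:4} matches banner: {try_match(pat, fl, BANNER)}")
```
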