Home page logo

nmap-dev logo Nmap Development mailing list archives

Re: m|| versus m||s in nmap-service-probes
From: doug () hcsw org
Date: Sat, 15 Dec 2007 16:22:07 -0800

Hi Lionel!

On Mon, Dec 10, 2007 at 11:19:31AM +0100 or thereabouts, Lionel Cons wrote:
Most (all?) of these patterns dealing with binary data should IMHO use
m||s instead of m||.

I append below a list of patterns that seem to match binary data but I
think that all patterns should be reviewed manually to check whether
the "s" option is used correctly or not.

Thanks for doing this! I went through your list of match lines and
added the s modifier to most of them and committed the new version
to SVN.

Especially for cases like X11, I consider not having the s modifier
on these lines to be a bug. I have had to go back and add them
before in the past! Your perl script was a great idea and I
think will result in more accurate version scans against many
binary services including X11 and postgres.

Thanks again for all your suggestions!


PS. This change does touch a lot of match lines, however, and
although I don't expect any problems, any testing of the new
probes file is of course appreciated.

PPS. I didn't add s modifiers to any of the telnet probes
because I didn't think it was necessary. Although telnetds
often do spit out lots of binary crap, I still usually think
of them as ASCII, line based protocols.

Attachment: signature.asc
Description: Digital signature

Sent through the nmap-dev mailing list
Archived at http://SecLists.Org

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]