Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: [RFC] Default NSE Scripts
From: Kris Katterjohn <katterjohn () gmail com>
Date: Thu, 15 May 2008 00:34:36 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Brandon Enright wrote:
So I have a question about shortport from the script:

portrule = shortport.portnumber(53, "udp")

Is shortport for UDP == "open" or is it == "open|filtered"?  The docs
don't say and I haven't dug into the code.

If it is "open|filtered" we shouldn't include it by default.  If it is
"open" I think we should.  I suppose that would most likely require -sV
to have determined the port is open but that shouldn't be that big a
deal.

The script output is valuable enough that I'd like it to run by default
if port 53 has already been flagged as open.


Good point!

Looking at shortport.lua it seems that all of the functions default to a
state of "open" OR "open|filtered" (regardless of the protocol), but a
different state can be passed to any of them.

But changing this would present a problem: what about users specifying
the script explicitly (or by "intrusive" or whatever) and who want it
also run against open|filtered ports as is typical due to the default
behavior in shortport?  There's no way that I know of to differentiate
and say "run it by default only if it's open, but it can be used against
open|filtered ports otherwise"

Maybe Jah's been right all along in that it shouldn't be default :)

Brandon


Thanks,
Kris Katterjohn

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQIVAwUBSCvLav9K37xXYl36AQJnDA//X4N1fjkPJHMAoGdRecBpzbuksrYhDXgf
stfbRzlpWHtdxD5Zrw8gEnY5jz/ARs7srcriBc0Nxl8mIjclpUhOUibj6U6mCA64
wLig6Bb32B0BAZMg4h4vU061zyGxa0F3GdK6StijhfgkD2+40zXqtLNpHQg576pj
+ec11lcgPJhv/OOd3U4yXUZJQ6eSSsB414bG+hC0gU8z4YPzR8Y9wfOHH2Kmtu32
sjMjYfTlBEz1eKP9L0ap6X/j2GPA6n5cy56A1Ywa2nrKUi0h8y1UfKuS/bzFrVIp
qJfQ+s/FHez15dffK6QBdDTOpc7/tbfXq7PW0Ud8cNVrv0UChtb8+zXcXaSOCJ3g
HJbcrzjnwDRt2a2zSYftyGFFojSYOSeUeLmxOeMSUn7i+gz86dZduMipEcG7G8tt
WXSl2r3H97hsoUWS4MLmN+yqruYvZdVDQLUQcGvZmxRURqtRIJBt2dolDYD/OjXd
tAuwCAtA5j62b9JEZoam9lvz6YtnNcoJlCFkhN2Zp2tQWZ1/wWcJ/dpU/ZYVZcj0
V6TGfXtRoSwA917jhRU672jKRfUKQ3o+sKtEWsbAv9T5WRsXXR8mqXWJAObVhex8
Td/KPWnt7VnumtcXj7fYO0qjhfys7Nawf9n78xuWg+BoRjwaKAJua4FCjwO+gu2K
qYBRjRJvd7w=
=X6C6
-----END PGP SIGNATURE-----

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault