mailing list archives
Re: [RFC] Default NSE Scripts
From: Kris Katterjohn <katterjohn () gmail com>
Date: Thu, 15 May 2008 00:34:36 -0500
-----BEGIN PGP SIGNED MESSAGE-----
Brandon Enright wrote:
So I have a question about shortport from the script:
portrule = shortport.portnumber(53, "udp")
Is shortport for UDP == "open" or is it == "open|filtered"? The docs
don't say and I haven't dug into the code.
If it is "open|filtered" we shouldn't include it by default. If it is
"open" I think we should. I suppose that would most likely require -sV
to have determined the port is open but that shouldn't be that big a
The script output is valuable enough that I'd like it to run by default
if port 53 has already been flagged as open.
Looking at shortport.lua it seems that all of the functions default to a
state of "open" OR "open|filtered" (regardless of the protocol), but a
different state can be passed to any of them.
But changing this would present a problem: what about users specifying
the script explicitly (or by "intrusive" or whatever) and who want it
also run against open|filtered ports as is typical due to the default
behavior in shortport? There's no way that I know of to differentiate
and say "run it by default only if it's open, but it can be used against
open|filtered ports otherwise"
Maybe Jah's been right all along in that it shouldn't be default :)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
Sent through the nmap-dev mailing list
Archived at http://SecLists.Org