mailing list archives
Re: [RFC] NSE Re-categorization
From: Kris Katterjohn <katterjohn () gmail com>
Date: Fri, 13 Jun 2008 00:54:05 -0500
-----BEGIN PGP SIGNED MESSAGE-----
On Fri, Jun 13, 2008 at 01:07:10AM +0100, jah wrote:
On 12/06/2008 23:07, Kris Katterjohn wrote:
So I think that either intrusive should include scripts that are
intended to crash services (all in the name of securing ones own
network, of course) or perhaps there should be a category for "exploits"
to include scripts that actively exploit vulnerabilities and could crash
a service or cause an sysadmin alarm - even if the intention is merely
to detect a vulnerability.
Good point. We don't have any scripts intended to crash services now.
But if we ever were to add such a script, I'd argue for some sort of
"dos" category. A script which performas a SYN scan or tries to crash
a certain service goes beyond what I would normally think of even as
Exploits is another interesting category. If we had actual exploits
like you find in Metasploit, they might fit well in such a category.
Our brute force authentication scripts sort of fit the bill, but it
sounds like we'll probably have a more specific category for them.
So I think both of these are good potential categories, but I don't
think we should add any categories unless we have at least one script
included which will use them. And I don't know of any DoS or exploit
scripts right now.
Agreed. And of course if we create categories like these, they will go along
with Safe and Intrusive wrt the "all-encompassing" factor.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
Sent through the nmap-dev mailing list
Archived at http://SecLists.Org