Re: [RFC] NSE Re-categorization
From: Kris Katterjohn <katterjohn () gmail com>
Date: Wed, 18 Jun 2008 17:22:45 -0500
DePriest, Jason R. wrote:
> What might be nice is a hierarchy to show which safer tests are
> subsets of more "dangerous" or at least more involved tests.
> Something like this:
>
> safe --> discovery --> version --> vuln ----->|-> intrusive
>                                   \-> auth --->/
>
> with demo and default on their own
>
> A script like netbios-smb-os-discovery.nse does a lot of work. It's
> almost intrusive, but probably just a discovery.
>
> The diagram helps me figure out where it should go and "version" seems
> fine in that context since it does more than a simple discovery and
> you don't want to run it without asking for version detection.
>
> I also don't understand the benefit of having a script that is
> "intrusive" also be a "discovery" scan. If it is "intrusive" then I
> don't want it running if I am only asking for "discovery."
>
> They should be either "discovery" and relatively benign or "intrusive"
> and used with intent.
>
> Explain the logic between having a script in both categories. Maybe I
> just don't "get it."

This is a good point; however, Fyodor mentioned to me that more expressiveness
could be added to script selection, which will alleviate this.

I personally don't see a problem with a script being in Discovery and
Intrusive. Take zoneTrans for example: it certainly has the "discovery"
aspect to it, but it's also a bit "intrusive". The intrusiveness in this
respect isn't saying "this script is malicious", just that "this script goes a
bit further than some administrators might like."

However, there is currently no way to say "I want a Discovery script that is
not Intrusive," which, as you mentioned, can pose a problem in situations.
Another threat-level category could be added for scripts that are "used with
intent," but that could easily get confusing.
Sent through the nmap-dev mailing list
Archived at http://SecLists.Org
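
The selection gap discussed in the message above ("I want a Discovery script that is not Intrusive"), as an added example that is not part of the original message and is not Nmap's code: a plain category list selects the union of categories, while a small boolean evaluator can exclude one. Only zoneTrans's two categories come from the message; the other script names, the expression grammar and all function names are assumptions.

```python
import re
# Constructed catalogue. Only zoneTrans's two categories come from the
# message above; the other script names and categories are hypothetical.
SCRIPTS = {
    "zoneTrans": {"discovery", "intrusive"},
    "example-banner": {"discovery", "safe"},
    "example-login-guess": {"auth", "intrusive"},
}

def select_union(categories):  # list semantics: in ANY named category
    return sorted(n for n, c in SCRIPTS.items() if c & set(categories))

def compile_expr(expr):  # 'a and not (b or c)' -> predicate over a category set
    tokens = re.findall(r"[()]|[\w-]+|\S", expr) + [""]  # "" marks the end
    pos = 0
    def take():
        nonlocal pos
        pos += 1
        return tokens[pos - 1]
    def fail(tok):
        raise ValueError(f"unexpected {tok!r} in {expr!r}")
    def atom():
        tok = take()
        if tok == "not":
            inner = atom()
            return lambda cats: not inner(cats)
        if tok == "(":
            inner = chain("or")
            if (close := take()) != ")":
                fail(close)
            return inner
        if tok in ("and", "or") or not re.fullmatch(r"[\w-]+", tok):
            fail(tok)
        return lambda cats: tok in cats
    def chain(op):  # "or" binds looser than "and"
        parse = atom if op == "and" else (lambda: chain("and"))
        terms = [parse()]
        while tokens[pos] == op:
            take()
            terms.append(parse())
        return lambda cats: (all if op == "and" else any)(t(cats) for t in terms)
    pred = chain("or")
    if tokens[pos] != "":
        fail(tokens[pos])
    return pred

def select_expr(expr):  # boolean semantics over the same catalogue
    pred = compile_expr(expr)
    return sorted(n for n, c in SCRIPTS.items() if pred(c))
```

With the list form, asking for "discovery" still pulls in zoneTrans; the expression form lets the operator keep it out of a run that is meant to stay non-intrusive.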