Re: [RFC] NSE Re-categorization
From: jah <jah () zadkiel plus com>
Date: Thu, 19 Jun 2008 01:33:44 +0100
On 18/06/2008 23:22, Kris Katterjohn wrote:
I also don't understand the benefit of having a script that is
"intrusive" also be a "discovery" scan. If it is "intrusive" then I
don't want it running if I am only asking for "discovery."
They should be either "discovery" and relatively benign or "intrusive"
and used with intent.
Explain the logic between having a script in both categories. Maybe I
just don't "get it."
This is a good point; however, Fyodor mentioned to me that more
could be added to script selection, which will alleviate this.
I personally don't see a problem with a script being in Discovery and
Intrusive. Take zoneTrans for example: it certainly has the "discovery"
aspect to it, but it's also a bit "intrusive". The intrusiveness in this
respect isn't saying "this script is malicious", just that "this
script goes a bit further than some administrators might like."
However, there is currently no way to say "I want a Discovery script
not Intrusive," which, as you mentioned, can pose a problem in situations.
Another threat-level category could be added for scripts that are
intent," but that could easily get confusing.
I know I've said this before, but if there was some way to ask for
degrees of certain attributes it could help in this type of
circumstance. It would probably be quite difficult to get something
like that right and it may be unmanageable with the thousands of scripts
nmap will have in the future.
Perhaps the way to go, at least for now, would be to make "Intrusive" an
exclusive category. Or perhaps disallow categories on the command line:
--script discovery, auth, -intrusive which I'm sure would be very useful
for people who are working in a production environment and scared of
bringing down the network.
I think that the current proposal for categories is a good one. I like
the idea of having not-that-many well-defined categories and I think it
will make it slightly easier to decide what to run. Perhaps it would be
a good idea to see if the current idea works or not and tweak it later
Sent through the nmap-dev mailing list
Archived at http://SecLists.Org
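
The exclusion idea raised in the message above (`--script discovery, auth, -intrusive`), sketched as an added example; it is not part of the original post and is not Nmap's own selection code. Only zoneTrans and its two categories come from the thread; the other script names and the function names are hypothetical.

```python
# Constructed script table: zoneTrans and its categories are from the thread,
# every other entry is a hypothetical placeholder.
SCRIPTS = {
    "zoneTrans": {"discovery", "intrusive"},
    "exampleBanner": {"discovery"},
    "exampleLoginCheck": {"auth"},
    "exampleBruteLogin": {"auth", "intrusive"},
    "exampleCrashTest": {"intrusive"},
}


def parse_spec(spec):
    """Split 'discovery, auth, -intrusive' into (include, exclude) sets."""
    include, exclude = set(), set()
    for token in spec.split(","):
        token = token.strip().lower()
        if not token:
            continue
        if token.startswith("-"):
            name = token[1:].strip()
            if not name:
                raise ValueError("exclusion with no category name")
            exclude.add(name)
        else:
            include.add(token)
    return include, exclude


def select_scripts(spec, scripts=SCRIPTS):
    """Return the sorted script names chosen by an include/exclude spec."""
    include, exclude = parse_spec(spec)
    known = set().union(*scripts.values())
    unknown = (include | exclude) - known
    if unknown:
        # Fail closed: a misspelled "-intrusive" must not silently let
        # intrusive scripts run against a production network.
        raise ValueError("unknown categories: " + ", ".join(sorted(unknown)))
    return sorted(
        name
        for name, cats in scripts.items()
        # Exclusion wins: one excluded category removes the script even if
        # another of its categories was asked for.
        if cats & include and not cats & exclude
    )


if __name__ == "__main__":
    print(select_scripts("discovery"))                    # includes zoneTrans
    print(select_scripts("discovery, auth, -intrusive"))  # zoneTrans dropped
```

With exclusion taking precedence, a script can stay in both Discovery and Intrusive and still be kept out of a discovery-only run.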