|
Nmap Development
mailing list archives
Re: [NSE] http.request() ignores port.protocol and assumes "tcp" even when it's really "udp"
From: bensonk () acm wwu edu
Date: Mon, 10 Nov 2008 10:05:09 -0800
Just a thought -- I know TCP and UDP are pretty much the only protocols
that matter, but what if nmap were extended to allow more than TCP and
UDP at some point? Wouldn't it make more sense to say "if port.protocol
!= 'tcp'" instead?
Benson
On Mon, Nov 10, 2008 at 03:07:34PM +0000, jah wrote:
Hi all,
I got a result where html-title ran against UDP port 80 and returned
with an html title which it obtained by talking TCP. This occurs
because http.request() defines protocol = "tcp" but doesn't check that
port.protocol is actually tcp.
Easily fixed by returning nil from http.request() if port.protocol ==
"udp" and perhaps printing a debug info.
html-title might also be modified to avoid running for udp ports.
Do you think this is sufficient?
Regards,
jah
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
Attachment:
_bin
Description:
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
 By Date 
By Thread
Current thread:
| 
Intro
