Home page logo

nmap-dev logo Nmap Development mailing list archives

Re: [PATCH] Always list SSL in case any SSL connection succeeded
From: Kristof Boeynaems <kristof.boeynaems () gmail com>
Date: Tue, 24 Feb 2009 22:34:59 +0100

Kristof Boeynaems wrote:
David Fifield wrote:
One more thing: In the test you described, the output should be
"ssl/unknown?", not "ssl/unknown". Leaving off the question mark makes
it look as if the port was positively identified. It's confusing in this
case because the port is named "unknown", but that name comes from the
nmap-services file. If you repeat the s_server experiment with port 80
you'll see what I mean. The output should be "ssl/http?", not "ssl/http"
or "http?".

Good point. I'll look into that once we have agreed on where we should make the change :)

Mmm, I had a look, and it seems that the behavior is slightly different than you describe. Did you really get those results after applying the patch? I am unable to reproduce those.

I believe that with the patch, the test case above will always return "ssl/unknown", no matter the port. It will always default to line 476 in output.cc, thus adding "unknown" to the "ssl/" string set earlier.

Nevertheless, if you prefer "ssl/unknown?" for these cases, we can probably change it there.

However, while "ssl/http" would indeed not be acceptable, I think "ssl/unknown" is better than "ssl/unknown?", as we are sure that there is "something" behind ssl (and we are sure that we don't know what ;)). I am afraid that displaying "ssl/unknown?" might give the impression that even the "ssl/" part is doubtful.

What do you think?



Sent through the nmap-dev mailing list
Archived at http://SecLists.Org

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]