Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: UDP payloads
From: David Fifield <david () bamsoftware com>
Date: Sat, 4 Jul 2009 07:30:39 -0600

On Sat, Jul 04, 2009 at 11:35:07AM +0200, Luis M. wrote:
David Fifield wrote:
During the ping probe effectiveness research, we found that UDP probes
that have a payload work better than those without, and probes with a
payload specific to the protocol work better still. As well as being
more effective for host discovery, meaningful payloads sometimes allow a
port to be classified as open rather than open|filtered.

I have in a branch code that sends protocol payloads for ports 53, 123,
137, 161, and 1434.
    svn co --username guest --password "" svn://svn.insecure.org/nmap-exp/david/nmap-payloads
The payloads are taken from nmap-service-probes. They are:

53: DNSStatusRequest "\0\0\x10\0\0\0\0\0\0\0\0\0"
123: NTPRequest 
"\xe3\x00\x04\xfa\x00\x01\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc5\x4f\x23\x4b\x71\xb1\x52\xf3"
137: NBTStat "\x80\xf0\0\x10\0\x01\0\0\0\0\0\0\x20\x43\x4bAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\0\0\x21\0\x01"
161: SNMPv3GetRequest 
"\x30\x3a\x02\x01\x03\x30\x0f\x02\x02\x4a\x69\x02\x03\0\xff\xe3\x04\x01\x04\x02\x01\x03\x04\x10\x30\x0e\x04\0\x02\x01\0\x02\x01\0\x04\0\x04\0\x04\0\x30\x12\x04\0\x04\0\xa0\x0c\x02\x02\x37\xf0\x02\x01\0\x02\x01\0\x30\0"
1434: Sqlping "\x02"

This could also be useful for Nping in UDP mode. I'll add it to the TODO
list. I could add a flag, something like --proto-payload, that adds
those payloads based on target port numbers. What do you think?

It sounds like a good idea, because without a payload I don't think
these services will send back a response.

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault