Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: quake3 opportunistic portrule
From: Toni Ruottu <toni.ruottu () iki fi>
Date: Thu, 6 Jan 2011 20:00:32 +0200

The version probe for the master server was missing. I have attached a
patch that adds the probe and a match line. After applying the patch
you should be able to identify some master servers by running nmap as
follows:

nmap -p 27950,30710 ghdigital.com dpmaster.deathmask.net
dpmaster.tchr.no dpmaster.deathmask.net master.tremulous.net
master.urbanterror.net -sU -sV -Pn

  cheers, --Toni

On Sun, Jan 2, 2011 at 6:25 PM, David Fifield <david () bamsoftware com> wrote:
On Sun, Jan 02, 2011 at 02:11:12PM +0200, Toni Ruottu wrote:
But the portrule doesn't have to be expansive in port numbers. People
should run your script in conjunction with version detection. We have
lots of match lines for quake3 servers. Just have the portrule return
true if it's one of a few known ports or the service is "quake3".

Do we have a separate service name for the master/meta server, or do
we call that quake3 too?

I don't know if there are separate names. Probably not. Just check
nmap-service-probes. If you see separate services with the same name,
send in a patch with the new name.

David Fifield

Attachment: quake3-master-probe.patch
Description:

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault