Re: regarding set_port_version probestates
From: Toni Ruottu <toni.ruottu () iki fi>
Date: Sat, 1 Jan 2011 15:47:13 +0200
Also, can I state such assumptions when I am running nmap from
the command line? If I am looking for a gnutella server I might want
to assume that all open ports are gnutella servers, or maybe my friend
told me to scan his gnutella server on some funny port.
On Sat, Jan 1, 2011 at 2:40 PM, Toni Ruottu <toni.ruottu () iki fi> wrote:
I am trying to find a way to express protocol/version assumptions from
NSE scripts. Sometimes exploring host A reveals information about host
B. For example host A could be running Gnutella and it might tell me
it is connected to host B's port 12345. This information justifies
running any gnutella protocol scripts against B:12345, but it does not
justify reporting B:12345 as being open nor does it justify reporting
that B:12345 is a gnutella server. A could be evil or broken.
Of course, if we get to run gnutella scripts against B:12345 we may be
able to identify it as open or gnutella. On the other hand, reporting
these assumptions to the user may be useful as long as it is made clear
that they might be wrong. Can I use one of the probestates for this?
Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/