Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: [PATCH] Update to nmap-rpc
From: David Fifield <david () bamsoftware com>
Date: Wed, 23 Mar 2011 20:15:11 -0700

On Thu, Mar 10, 2011 at 04:16:47PM -0600, Daniel Miller wrote:
On 03/10/2011 03:48 PM, David Fifield wrote:
On Wed, Mar 09, 2011 at 01:49:31PM -0600, Daniel Miller wrote:
Hi list,

I've attached a diff for the nmap-rpc file based on the latest
assignments. RFC 5531 switched authority for assignments from Sun to
IANA, and they have an XML feed of the latest (2010-06-16)
assignments. Many of these were the same, a few had new information,
and some were new. By my count, I modified 42 lines (adding
information only, not removing) and added 1270 (not including some
documentation at the top).

To make it easier for others to check my work, I'll also attach the
python script I used to parse the IANA XML.
Thanks Daniel! This is great.

I'm trying to reproduce your output to make this easy to update in the
future. How much manual editing did you have to do of the output? The
first line of output is

pmapprog        100000  portmap rpcbind #portmapper

while in the diff you sent, it's

rpcbind         100000  portmap sunrpc rpcbind #portmapper

Currently the line is

rpcbind         100000  portmap sunrpc rpcbind

David Fifield

I did a fair amount of manual editing, always assuming that the Nmap
information was accurate as seen "in the field." I used the attached
Perl script to produce a semi-merged version. It preserves ordering
by program number. Conflicting lines are printed side-by-side, with
the one coming from "newrpc" (the generated file) prefixed with ">".
Then I just searched through the file for /^>/ and made manual
decisions from then on. My basic criteria for merging were:

   * Keep Nmap's name for the service (since most were ones I
     recognized as accepted)
   * Any new names or aliases that differed in more than just "*d" or
     "*prog", add as new aliases
   * If the comment was more than just the name spelled out (i.e.
     ypservd #yp server daemon), add the comment to the end
   * If there is an existing comment, preserve it.

I adapted your rpctonmap.py to automate some of this. I attached the new
script, nmap-rpc-merge.py. I used it to generate a new nmap-rpc and
committed it. Thanks for taking the initiative to make these changes and
explain your method.

I wish there was an easy way to update this, but since the IANA list
hadn't changed since June 2010, it shouldn't be too often that it
needs to be done. Also, I was disappointed with the quality of the
IANA list (misspelled words, strange naming convention, etc.)

I was disappointed too. I fixed one thing manually:
    <record>
      <value>100147</value>
      <name>amiaux # BER and DER<br/>encode and decode</name>
          <xref type="rfc" data="rfc5531"/>
    </record>
I didn't find an address to send bug reports to.

David Fifield

Attachment: nmap-rpc-merge.py
Description:

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]