Re: nse unusual-port ident bug
From: Patrik Karlsson <patrik () cqure net>
Date: Sat, 26 Nov 2011 19:07:11 +0100
Hmm, the script design seemed like a good idea at the time of the writing
but now maybe not so much.
What happens is that the script loads the nmap-services file in order to
avoid duplicating service info into a static table.
It then runs as a portrule for each open port and attempts to match the
name of the service, as discovered by the service scan, against the entry
for that port number in the nmap-services file.
In this case, the entry in nmap-services says "auth" while the
service/version scan recognizes the port as "ident".
While, to the best of my knowledge, this is essentially the same service
there's a discrepancy between the entries in the file nmap-services and
I see two different solutions:
1. Make sure that the service names in the two different files are properly
2. Create an alternative smaller table in the unusual-port script that
contains a subset of the services
Not sure how to proceed here, ideas and feedback are welcome.
On Sat, Nov 26, 2011 at 5:37 PM, Josh Greenwood <joshgreenwood () gmail com> wrote:
unusual-port is reporting that ident on tcp/113 is unexpected.
./nmap -sS -sV --script=scripts/unusual-port.nse -p113 192.168.0.1
PORT STATE SERVICE VERSION
113/tcp open ident
|_unusual-port: ident unexpected on port tcp/113
I'm using revision 27258.
Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/
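
The comparison described in this thread, as an added example that is not part of the original messages and is not Nmap's own script code: a standalone Python model that reproduces the tcp/113 report from a name-by-name match against nmap-services style data, next to a script-local table in the spirit of option 2. The sample rows, the function names, the LOCAL_EXPECTED table and the choice to stay silent on ports that have no entry are assumptions made for illustration.

```python
# Standalone model of the check discussed in the thread; not the NSE script.
# Constructed sample in nmap-services layout: name, port/proto, frequency.
SAMPLE_SERVICES = """\
# constructed sample; frequencies are placeholders
ssh     22/tcp   0.100000  # Secure Shell
http    80/tcp   0.200000  # World Wide Web HTTP
auth    113/tcp  0.010000  # ident
"""

def parse_services(text):
    """Return {(port, proto): name} from nmap-services formatted text."""
    table = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2 or "/" not in fields[1]:
            continue                           # skip malformed rows
        port, proto = fields[1].split("/", 1)
        if port.isdigit():
            table[(int(port), proto)] = fields[0]
    return table

# Hypothetical script-local table (option 2): every name the version scan
# may legitimately report for a port, so "auth" and "ident" both pass on 113.
LOCAL_EXPECTED = {
    (22, "tcp"): {"ssh"},
    (80, "tcp"): {"http"},
    (113, "tcp"): {"auth", "ident"},
}

def report(port, proto, detected):
    return f"{detected} unexpected on port {proto}/{port}"

def naive_check(services, port, proto, detected):
    """Exact string match against the single name in the services file."""
    expected = services.get((port, proto))
    if expected is None or expected == detected:
        return None                            # assumption: no entry, no report
    return report(port, proto, detected)

def local_table_check(port, proto, detected):
    """Match against the set of accepted names in the local table."""
    accepted = LOCAL_EXPECTED.get((port, proto))
    if accepted is None or detected in accepted:
        return None
    return report(port, proto, detected)

if __name__ == "__main__":
    services = parse_services(SAMPLE_SERVICES)
    print(naive_check(services, 113, "tcp", "ident"))   # the false positive
    print(local_table_check(113, "tcp", "ident"))       # no report
    print(local_table_check(80, "tcp", "ssh"))          # still reported
```
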