Re: addition to -sV service detection switch

[MadHat <madhat () unspecific com>]

On Mar 26, 2004, at 9:44 PM, Cemil Degirmenci wrote:
> Hello,
>
> i just had some ideas to enhance the -sV switch.
>
> I will make an example for dns here:
>
> On Most DNS-Servers it is possible to get the Version by query the 
> chaos   txt version.bind record like this:
>
> cemil@fusie:~$ host -c chaos -t txt version.bind ns1.wavecon.de
> Version.bind text "Served by POWERDNS 2.9.15 $Id: packethandler.cc,v 
> 1.22 2004/01/17 13:18:22 ahu Exp $"
>
> Experiences show that this query is in 98% of all cases right (no, 
> this is not a representative value - i just appraise it ;-) )
>
>
> Same things could be done with HTTP ( query "HEAD / HTTP/1.0"  and do 
> some regexp)
>
> After a look at the nmap-service-probes file i saw that it seems not 
> to  fit into the existing system... So - what do you think of that? 
> Does it make sence? Or should there be an own switch like "-svV" :)

What would be the difference from the existing probes?  I know on the 
http probes I discussed other requests methods and the reason GET was 
used first is that more servers respond to it than any other web server 
"verb".


---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to 
nmap-dev-help () insecure org . List archive: http://seclists.org