Re: [RFC] NSE Re-categorization

[Kris Katterjohn <katterjohn () gmail com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Fyodor wrote:
> On Thu, Jun 12, 2008 at 05:07:27PM -0500, Kris Katterjohn wrote:
> > Along the lines of the NSE Default category, I have a new task of sort of
> > redefining the NSE categories.  This is a good time for any comments on the
> > current category system to be discussed.
>
> Hi Kris.  I thinks you have some great ideas here.  Particularly your
> main goals.  I have comments on a few of your ideas:
>
> > I think "safe" and "intrusive" should be mutually-exclusive, together
> > all-encompassing categories.
>
> Sounds good.  I'm a little concerned about the name "safe", since even
> scripts which should be completely safe can cause problems.  Just like
> "safe sex".  But the name is descriptive, and I can't think of
> anything better right now.  So it may be fine.  We may just need to be
> sure we note in the docs that people shouldn't consider them 100%
> safe.  But that we do our best to only include low-risk scripts in the
> category.

I don't really like "safe" either, but I was also unable to think of anything
better.

> > I think "backdoor" should be merged into "malware".  There's no point in
> > having two basically synonymous categories.
>
> Yeah.  There is a slight risk that people will think that "malware"
> means scripts which are malicious, rather than scripts meant to detect
> malicious activity.  But good documentation should help there.

Agreed.

> > I initially thought that the "discovery" category should be dropped.  Is there
> > an NSE script which isn't really discovering something?  But Brandon pointed
> > out that it could just be renamed, and that the name could convey something
> > along the lines of "extra information".  I can't really think of a good name
> > for it, however.
>
> Maybe.  Though I don't mind the discovery name.  I think it of scripts
> which discover general information about the network (e.g. smtp
> commands or whois information) rather than those which test for a
> specific vulnerability or try brute force login or the like.

That makes sense, but if a better name comes up I'd still like to switch it.

> > How about a new "credential" (or "login") category?  This can be used for NSE
> > scripts which attempt a login, such as anonFTP, bruteTelnet, and HTTPAuth.
>
> Or maybe authentication?

Or maybe just "auth"?  I think "authentication" is a bit long, and I don't
think "auth" can get confused with anything else.  But then again,
"vulnerability" is long as well.

Aside from this, I don't have a strong opinion on any of the three.  I think
the category should exist, but I'll be happy with any of them.  I guess we can
just tally any votes, unless you feel particularly strong about one.

> Cheers,
> -F

Thanks,
Kris Katterjohn
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQIVAwUBSFIIpv9K37xXYl36AQI02A/+KOKOXheXR9TdlEEajt0xn0ECmgv7Arvb
nXwGRaGhTfq2n5jdYx5Ma1SWYdOE5+fhdaZIgBtKKriw4yU8d4bB/fboagw4exzV
8dQltKch0N6rnvQUnQk+sIgSwM87PEleLEsUaTK1KFvmyzJN6gcfnolCaBbXKABM
NNnFQ6xxi1p/w4kN0PY27XeTbohQtrDGuuTTryxGaMb7dQZDVniDb3STMBZa6uRU
/IlKpctXEmx++4shDDkl1qX5DIGZM651I58YjpukSBosn0A7EtSvVjcoyARY80j1
MKhhUNaiJSEFwH5mF5RzLdGUiZaTKR0HuoxEZvTowpluKOii6yHIYOxDOd1SHMDh
ARjHsI7R5RkkVSjl7lqS0AiB8zpQvjID3M+GC1+csfdgb61uOLm+/BvW90ApH796
UkxlgtWo8APjgQx9pvU4CT1f4bTRjCb/+KGVTURmKFFjrFpcb9EIxiG2Iz+qhmJx
27HK/VZ1xtZrCXapqVb/24toSeq0jhkIjJ7sRtLfCGRPz8wNKz9qdn3NShmVDhvj
/2A0UYqqRcQGgTFV9OwPBFdAZ6ItY2ALIr9VacYUuPk1l72MLCZ9el/bbjc/a5Py
91A4u8TNFwsEMFU2Xso1bmZ1/uucoIh5aNkl0oLkyuPW6surdQ8ENXqXM/Rd9n1v
+tkKbKHph9U=
=zGwR
-----END PGP SIGNATURE-----

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org