Nmap Development mailing list archives
Re: [RFC] NSE Re-categorization
From: Kris Katterjohn <katterjohn () gmail com>
Date: Wed, 18 Jun 2008 17:22:45 -0500
DePriest, Jason R. wrote:
What might be nice is a hierarchy to show which safer tests are subsets of more "dangerous" or at least more involved tests. Something like this:

                               /-> malware->\
                              /              \
safe --> discovery --> version --> vuln ----->|-> intrusive
                              \              /
                               \-> auth --->/

with demo and default on their own

A script like netbios-smb-os-discovery.nse does a lot of work. It's almost intrusive, but probably just a discovery. The diagram helps me figure out where it should go and "version" seems fine in that context since it does more than a simple discovery and you don't want to run it without asking for version detection.
Interesting!
I also don't understand the benefit of having a script that is "intrusive" also be a "discovery" scan. If it is "intrusive" then I don't want it running if I am only asking for "discovery." They should be either "discovery" and relatively benign or "intrusive" and used with intent. Explain the logic between having a script in both categories. Maybe I just don't "get it."
This is a good point; however, Fyodor mentioned to me that more expressiveness could be added to script selection, which will alleviate this. I personally don't see a problem with a script being in Discovery and Intrusive. Take zoneTrans for example: it certainly has the "discovery" aspect to it, but it's also a bit "intrusive". The intrusiveness in this respect isn't saying "this script is malicious", just that "this script goes a bit further than some administrators might like." However, there is currently no way to say "I want a Discovery script that is not Intrusive," which, as you mentioned, can pose a problem in situations. Another threat-level category could be added for scripts that are "used with intent," but that could easily get confusing. Opinions anyone?
-Jason
Thanks,
Kris Katterjohn
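The selection problem raised in this message ("I want a Discovery script that is not Intrusive") can be sketched as boolean expressions evaluated over each script's category set. This is an added example, not part of the original message and not Nmap's code; the category assignments are constructed sample data and the `example-*` script names are hypothetical.

```python
import re
# Constructed sample data, not Nmap's real script database. zoneTrans is
# discovery+intrusive as in the message; "example-*" names are hypothetical.
SCRIPTS = {
    "zoneTrans": {"discovery", "intrusive"},
    "netbios-smb-os-discovery": {"discovery", "version"},
    "example-banner": {"safe", "discovery"},
    "example-login-check": {"auth", "intrusive"},
}

def matches(expr, categories):
    """Evaluate and/or/not/parentheses against one script's category set."""
    tokens = re.findall(r"[()]|[A-Za-z_-]+", expr)
    pos = 0
    def accept(word):                      # consume `word` if it is next
        nonlocal pos
        if pos < len(tokens) and tokens[pos] == word:
            pos += 1
            return True
        return False
    def parse_or():                        # lowest precedence
        value = parse_and()
        while accept("or"):
            value = parse_and() or value   # parse the operand first, then combine
        return value
    def parse_and():
        value = parse_not()
        while accept("and"):
            value = parse_not() and value
        return value
    def parse_not():                       # highest precedence, then atoms
        nonlocal pos
        if accept("not"):
            return not parse_not()
        if accept("("):
            value = parse_or()
            if not accept(")"):
                raise ValueError("missing ')'")
            return value
        if pos >= len(tokens) or tokens[pos] in (")", "and", "or"):
            raise ValueError("expected a category name")
        pos += 1
        return tokens[pos - 1] in categories
    result = parse_or()
    if pos != len(tokens):
        raise ValueError("trailing tokens in expression")
    return result

def select(expr):
    return sorted(name for name, cats in SCRIPTS.items() if matches(expr, cats))
```

With this kind of selection a script can stay in both Discovery and Intrusive, and `select("discovery and not intrusive")` still leaves zoneTrans out.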