Nmap Development mailing list archives
Re: Major SIPOptions probe reorganisation
From: Brandon Enright <bmenrigh () ucsd edu>
Date: Fri, 20 Jun 2008 06:02:59 +0000
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thu, 19 Jun 2008 22:31:13 -0700 or thereabouts doug () hcsw org wrote:
On second thought, maybe moving the probe up isn't a good idea since it has a rarity of 5. This means that SIPOptions will be applied before GetRequest on unknown ports which probably is undesirable. I can think of two fixes: * Move SIPOptions back down and just let GetRequest be applied to 5060 before SIPOptions
Doug, you probably know the service fingerprinting mechanism better than anyone else so I trust your judgment. If SIPOptions now has GetRequest as a fallback can't we just drop 5060 from GetRequest and SIP will be applied first before Get?
* Boost the rarity of SIPOptions
That seems like an abuse of rarity. I'd say a rarity of 5 is already pushing it. SIP really isn't *that* common.
Comments?
I think applying probes in the order that they appear in the file rather than in order of rarity should be changed. We can use their order in the file to determine probe order when two probes have the same rarity. We almost never have problems like this though so maybe it can just be left the way it is. Brandon -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (GNU/Linux) iEYEARECAAYFAkhbSBoACgkQqaGPzAsl94K8mwCfaEQBsFupZb0D9Gp4pe20YZON xPIAoL4nHk325a1EGRYAF7ZfUXFDex5y =73Ab -----END PGP SIGNATURE----- _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Major SIPOptions probe reorganisation doug (Jun 19)
- Re: Major SIPOptions probe reorganisation doug (Jun 19)
- Re: Major SIPOptions probe reorganisation Brandon Enright (Jun 19)
- Re: Major SIPOptions probe reorganisation Fyodor (Jun 19)
- Re: Major SIPOptions probe reorganisation Fyodor (Jun 19)
- Re: Major SIPOptions probe reorganisation Matt Selsky (Jun 20)
- Re: Major SIPOptions probe reorganisation doug (Jun 20)
- Re: Major SIPOptions probe reorganisation sara fink (Jun 21)
- Re: Major SIPOptions probe reorganisation Brandon Enright (Jun 19)
- Re: Major SIPOptions probe reorganisation doug (Jun 19)