Nmap Development mailing list archives
Re: New script names
From: Fyodor <fyodor () insecure org>
Date: Thu, 6 Nov 2008 13:58:38 -0800
On Wed, Nov 05, 2008 at 10:12:43PM -0700, David Fifield wrote:
ircZombieTest => irc-zombie
The description on this one is: "If port 113 responds before we ask it then something is fishy. Usually this means that the host is an IRC zombie." Presumably spammers and privacy-included IRC users and other parties use these sorts of fake identd applications. So unless people really believe that IRC zombies constitute 95%+ of the instances of this, maybe this script should focus on fake identd aspect rather than making the leap to IRC zombies. So for now I've changed the name to 'auth-spoof' and the description to: "Tests whether an identd (auth) server responds with an answer before we even send the query. This sort of identd spoofing can be a sign of malware infection though it can also be used for legitimate privacy reasons." I've also improved the output a bit. Of course I'm always open to discussion if anyone proposes a better name or description. Cheers, -F _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Re: New script names, (continued)
- Re: New script names Patrick Donnelly (Nov 11)
- Re: New script names sara fink (Nov 12)
- Re: New script names Ron (Nov 12)
- Re: New script names David Fifield (Nov 12)
- Re: New script names Ron (Nov 12)
- Re: New script names Richard Moore (Nov 12)
- Re: New script names Arturo 'Buanzo' Busleiman (Nov 12)
- Re: New script names sara fink (Nov 12)
- Re: New script names Patrick Donnelly (Nov 12)
- Re: New script names sara fink (Nov 12)
- Re: New script names Dirk Loss (Nov 06)
- Re: New script names Fyodor (Nov 07)
- Re: New script names Fyodor (Nov 07)
- Re: New script names Vlatko Kosturjak (Nov 07)
- Re: New script names David Fifield (Nov 17)
- Re: New script names bensonk (Nov 07)