Nmap Development mailing list archives
Re: Re: [NSE][PATCH] OpenSSL bindings for NSE
From: "M M" <v4lkyrius () gmail com>
Date: Thu, 27 Nov 2008 21:49:20 -0500
On Mon, Sep 22, 2008 at 05:47:21PM -0600, David Fifield wrote:On Fri, Sep 19, 2008 at 09:12:24AM +0200, Sven Klemm wrote:Hi everyone, here is the latest OpenSSL bindings patch for nmap including support for multiprecision integer arithmetics, message digests, hmac, symmetric encryption, symmetric decryption. Documentation for the new functions is also included.Hi Sven. This is looking great. The documentation is especially appreciated. This module will open a lot of doors for script developers and I'd like to see it integrated.I completely agree with David here and think Sven's OpenSSL module is a winner! We just need to figure out these last nagging issues (such as how to degrade gracefully for people w/o OpenSSL). In other amusing NSE news, I just got my daily syslog report and noticed this: Protocol major versions differ for UNKNOWN: SSH-2.0-OpenSSH_4.3 vs. SSH-1.5-NmapNSE_1.0 : 57 time(s) Cheers, -F
I first noticed this in auth.log when I got port scanned by a friend a while back. My firewall rules have reflected this observation ever since. Defeats the purpose of nmap, does it not? For example: pluto: # nmap -A -p 22 localhost Starting Nmap 4.60 ( http://nmap.org ) at 2008-11-26 06:05 EST Warning: Hostname localhost resolves to 2 IPs. Using 127.0.0.1. Interesting ports on localhost (127.0.0.1): PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 5.0 (protocol 2.0) Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port Device type: general purpose Running: Linux 2.6.X OS details: Linux 2.6.17 - 2.6.24 Uptime: 0.217 days (since Wed Nov 26 00:52:52 2008) Network Distance: 0 hops OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 1.360 seconds pluto:/var/log # tail messages | grep sshd Nov 26 06:05:29 pluto sshd[7947]: Did not receive identification string from 127.0.0.1 Nov 26 06:05:30 pluto sshd[7951]: Protocol major versions differ for 127.0.0.1: SSH-2.0-OpenSSH_5.0 vs. SSH-1.5-NmapNSE_1.0 pluto:/ # iptables -I INPUT -p tcp -m string --string "NmapNSE" --algo bm -j DROP pluto:/ # iptables -I INPUT -p tcp -m string --string "NmapNSE" --algo bm -j LOG --log-prefix "n00b nmap scan: " pluto:/ # nmap -A -p22 localhost Starting Nmap 4.60 ( http://nmap.org ) at 2008-11-26 06:08 EST Warning: Hostname localhost resolves to 2 IPs. Using 127.0.0.1. ^C pluto:/var/log # grep n00b firewall | tail -1 Nov 26 06:08:35 pluto kernel: n00b nmap scan: IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.1 LEN=72 TOS=0x00 PREC=0x00 TTL=64 ID=6129 DF PROTO=TCP SPT=27995 DPT=22 WINDOW=257 RES=0x00 ACK PSH URGP=0 Frankly, I'm surprised no one has so much as mentioned this before (at least publicly, according to Google). They say discretion is the polite word for hypocrisy. ;-) Sincerely, v4lkyrius
Attachment:
SSHv1-support.nse.redpill.patch
Description:
Attachment:
SSHv1-support.nse.bluepill.patch
Description:
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Re: [NSE][PATCH] OpenSSL bindings for NSE Sven Klemm (Oct 08)
- Re: [NSE][PATCH] OpenSSL bindings for NSE David Fifield (Oct 08)
- Re: [NSE][PATCH] OpenSSL bindings for NSE Sven Klemm (Oct 08)
- Re: [NSE][PATCH] OpenSSL bindings for NSE David Fifield (Oct 08)
- Re: [NSE][PATCH] OpenSSL bindings for NSE David Fifield (Oct 08)
- Re: [NSE][PATCH] OpenSSL bindings for NSE Sven Klemm (Oct 08)
- <Possible follow-ups>
- Re: Re: [NSE][PATCH] OpenSSL bindings for NSE M M (Nov 27)
- Re: [NSE][PATCH] OpenSSL bindings for NSE Sven Klemm (Nov 28)
- Re: [NSE][PATCH] OpenSSL bindings for NSE Ron (Nov 28)
- Re: [NSE][PATCH] OpenSSL bindings for NSE M M (Nov 28)
- Re: [NSE][PATCH] OpenSSL bindings for NSE Sven Klemm (Nov 28)
- Re: [NSE][PATCH] OpenSSL bindings for NSE David Fifield (Oct 08)