Nmap Development mailing list archives
Re: Possible new device categories for service detection
From: Fyodor <fyodor () insecure org>
Date: Sun, 8 Feb 2009 13:17:34 -0800
On Sun, Feb 08, 2009 at 07:51:45PM +0000, doug () hcsw org wrote:
> What does everybody think about the following new categories?
>
> * security-camera
>
> Right now all cameras are classified as "webcam" but honestly I don't really consider things like 24-stream closed-circuit digital security recorders (DVRs) and the like to be webcams.

Hi Doug. While we could split 'webcam' into more categories, I'm not sure it is worth the extra categorization work. The Wikipedia "webcam" entry notes many types of webcams, from the security systems to video conferencing systems, traditional cheap consumer webcams, etc. It is a lot easier to label them all webcams than to try and figure out which is which for each submission we integrate. What would really help, IMHO, is a document describing how we classify each device type. That document could note that we use a broad definition of webcam.

> * IDS
>
> Right now these are either security-misc or firewall. I was just wondering if a device advertises itself as an IDS if we should be more specific. I guess this would open the door to all sorts of other things though... IPS? Maybe security-misc is OK for these?

If it's a firewall+ids, then I think firewall is the right choice. But if we have a decent number of standalone IDS's, I think it is reasonable and useful to split them off from security-misc. I'd say that there should be at least half a dozen devices in a category (such as IDS) in nmap-os-db and nmap-service-probes combined to warrant splitting them off.

Interestingly, nmap-os-db doesn't even have a security-misc category and I don't see much in the way of IDS's from a quick grep.

nmap-os-db has about a dozen devices which only exist once or twice in the file:

2 web server
2 TV
2 terminal server
2 telecom-misc
2 oscilloscope
1 server appliance
1 security system
1 projector
1 mail server
1 broadband modem
1 authentication server
1 ATM

I think we should try to avoid having such tiny categories. I'm about to get rid of most of these as follows:

o Put 'TV' into 'media device'
o Put 'projector' into 'media device'
o Put 'oscilloscope' into 'specialized'
o Put 'server appliance' into 'general purpose' (it's a Linux box which can do a lot, from print/file serving to firewall)
o Change 'security system' to 'security-misc' (now we do have one of those in nmap-os-db)!
o Put 'mail server' into 'specialized'
o Change 'broadband modem' to 'broadband router' (some of the other 99 in that category may technically be "modems" too).
o Change 'authentication server' to 'security-misc'
o Put 'ATM' in 'specialized'

That gets rid of 9 out of 12 right there.

Cheers,
-F
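The category audit described in this message, as an added example that is not part of the original post and not Nmap's own tooling: a Python sketch that tallies device types from `Class` lines (nmap-os-db) and `d/.../` fields (nmap-service-probes) combined, applies the merges listed above, and reports categories below the half-dozen threshold. The sample entries, function names and constants are constructed for illustration, and only `/`-delimited `d` fields are handled.

```python
import re
from collections import Counter

MIN_DEVICES = 6  # "at least half a dozen", both files combined
MERGES = {  # the reassignments listed in the message
    "TV": "media device", "projector": "media device",
    "oscilloscope": "specialized", "mail server": "specialized",
    "ATM": "specialized", "server appliance": "general purpose",
    "security system": "security-misc",
    "authentication server": "security-misc",
    "broadband modem": "broadband router",
}

# Constructed sample entries (not real fingerprints or match lines).
OS_DB = """
Fingerprint ExampleCo media box (constructed)
Class ExampleCo | embedded || TV
Class ExampleCo | embedded || projector
Fingerprint ExampleCo DSL box (constructed)
Class ExampleCo | embedded || broadband modem
"""
SERVICE_PROBES = r"""
match http m|^HTTP/1\.0 200 OK\r\nServer: ExampleCam| p/ExampleCam httpd/ d/webcam/
match http m|^HTTP/1\.0 200 OK\r\nServer: ExampleDVR| p/ExampleDVR httpd/ d/webcam/
match ssh m|^SSH-2\.0-ExampleIDS| p/ExampleIDS sshd/ d/security-misc/
"""

def count_device_types(os_db, probes):
    """Tally device types from Class lines and d/.../ fields combined."""
    counts = Counter()
    for line in os_db.splitlines():
        if line.startswith("Class "):  # Class vendor | family | gen | type
            counts[line.rsplit("|", 1)[-1].strip()] += 1
    for line in probes.splitlines():
        if line.startswith(("match ", "softmatch ")):
            # Assumption: the d field uses '/' as its delimiter.
            counts.update(re.findall(r"\sd/([^/]+)/", line))
    return counts

def apply_merges(counts, merges=MERGES):
    """Fold each tiny category into its replacement category."""
    merged = Counter()
    for device, n in counts.items():
        merged[merges.get(device, device)] += n
    return merged

def undersized(counts, minimum=MIN_DEVICES):
    """Categories still below the splitting threshold, sorted by name."""
    return sorted(d for d, n in counts.items() if n < minimum)
```

Running `undersized(apply_merges(count_device_types(...)))` over the real files' contents shows which categories remain too small after the merges.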