Nmap Development mailing list archives
Re: Possible new device categories for service detection
From: Brandon Enright <bmenrigh () ucsd edu>
Date: Sun, 8 Feb 2009 22:53:31 +0000
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Sun, 8 Feb 2009 22:41:19 +0000 or thereabouts doug () hcsw org wrote:
On Sun, Feb 08, 2009 at 03:33:45PM -0700 or thereabouts, David Fifield wrote:On Sun, Feb 08, 2009 at 01:17:34PM -0800, Fyodor wrote:o Change 'broadband modem' to 'broadband router' (some of the other 99 in that category may technically be "modems" too).When I add new fingerprints I try to use the category "broadband router" only if the device connects directly to the broadband service; i.e., it speaks ADSL or has a cable jack in back. A lot of devices sold as broadband routers are really just ordinary router/NAT devices that still need to plug in to one of the aforementioned devices; for those I use "router". But I am sure a lot of older prints don't follow this rule strictly.Interesting. I haven't been making that distinction in the service probes file. I have been considering any consumer router/NAT device designed for cable or DSL to be "broadband router" unless it has wireless capabilities, then it is a WAP. Like Fyodor suggested I will write up a short description of each of the categories and then we can revise them and make an official list. Doug
This is really a special case of the broader need to canonicalize entries in the nmap-service-probes file. I've canonicalize certain groups of items like making most (all?) SOHO routers web configuration servers be labeled with "http config" rather than all the other possible variations. We still need to canonicalize a whole bunch of entries though. Off the top of my head: * Apache version reporting (the format is inconsistent) * A bunch of company names (capitalization, spaces, etc) * Service names in v// (telnet/telnetd/Telnet, HTTP/http/httpd, etc) * OS names in o// * Device categories * Plenty of other things In the past I've resisted making broad changes unless I know the an entry is wrong or that the change is non-controversial. As long as there is a general consensus that changing a bunch of entries so that they are consistent with each other is okay then I'll be happy to canonicalize entries as I come across them. Brandon -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (GNU/Linux) iEYEARECAAYFAkmPYnEACgkQqaGPzAsl94JVHACfWAE7tvM62vLteOzy3At00BP5 lEIAoK9m4ZjQ+/ysvBGPMCR/cdvs5i2a =gIcv -----END PGP SIGNATURE----- _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Possible new device categories for service detection doug (Feb 08)
- Re: Possible new device categories for service detection Fyodor (Feb 08)
- Re: Possible new device categories for service detection David Fifield (Feb 08)
- Re: Possible new device categories for service detection doug (Feb 08)
- Re: Possible new device categories for service detection Brandon Enright (Feb 08)
- Re: Possible new device categories for service detection Fyodor (Feb 08)
- Re: Possible new device categories for service detection doug (Feb 10)
- Re: Possible new device categories for service detection doug (Feb 10)
- Re: Possible new device categories for service detection Fyodor (Feb 11)
- Re: Possible new device categories for service detection doug (Feb 11)
- Re: Possible new device categories for service detection David Fifield (Feb 08)
- Re: Possible new device categories for service detection Fyodor (Feb 08)
- Re: Possible new device categories for service detection David Fifield (Feb 08)
- Re: Possible new device categories for service detection Fyodor (Feb 08)
- Re: Possible new device categories for service detection doug (Feb 08)
- Re: Possible new device categories for service detection David Fifield (Feb 20)
- Re: Possible new device categories for service detection David Fifield (Feb 20)