Nmap Development mailing list archives
Re: [PATCH] Extended SSL support in Nmap, review
From: David Fifield <david () bamsoftware com>
Date: Mon, 30 Mar 2009 14:09:29 -0600
On Sun, Mar 22, 2009 at 04:26:50PM +0100, Kristof Boeynaems wrote:
> Kristof Boeynaems wrote:
>> On Tue, Mar 3, 2009 at 6:34 AM, David Fifield <david () bamsoftware com> wrote:
>>> I especially want to thank you for these test results. They are an
>>> indication of intellectual honesty and rigor as a developer. The
>>> results (with the typo correction in
>>> http://seclists.org/nmap-dev/2009/q1/0485.html), show that this SSL
>>> fix, while not urgent, is worthwhile.
>>
>> Thanks again. By the way, I still owe the list the results of my
>> (little) more extensive scanning, I'll post them later on, when I have
>> again access to the data.
>
> Here are the results of that slightly more extensive test. Note that
> this was still done with nmap-4.85BETA3.
>
> Command:
> nmap -T4 -v -n -PN -sV -p443,465,636,990,995,993 -iL <list of about 700 random SSL servers collected earlier via an iR scan> -d -oA <filename>
>
> Results:
>
> # nmap-4.85BETA3
> - scanned in 1866.96 seconds
> - Total number of hosts with at least one port open: 611
> - Total number of SSL hosts (hosts with at least one ' ssl/' result): 541
> - Total of open SSL ports detected (' ssl/'): 781,
> - Number of open SSL ports detected and successfully investigated (' ssl/something'): 709
> - Number of open SSL ports detected and not successfully investigated (' ssl/unknown'): 72
>
> # nmap-4.85BETA3 with two extra general SSL lines in nmap-service-probes file (see below)
> - scanned in 1832.99 seconds
> - Total number of hosts with at least one port open: 615
> - Total number of SSL hosts (hosts with at least one ' ssl/' result): 593
> - Total of open SSL ports detected (' ssl/'): 888,
> - Number of open SSL ports detected and successfully investigated (' ssl/something'): 801
> - Number of open SSL ports detected and not successfully investigated (' ssl/unknown'): 87

These results are impressive. I have just a few questions before
integrating your nmap-service-probes patch.

The TLSv1 handshake error match line is identical to a match line that
already existed:

    # These Nessus match lines might be problematic:
    match ssl m|^\x15\x03\0\0\x02\x02\($| p/Nessus security scanner/

    # Generic: TLSv1 Handshake error:
    match ssl m|^\x15\x03\0\0\x02\x02\($| p/TLSv1/

So the increase in the number of detected servers must have been
completely because of the new SSLv3 ServerHello line:

    # Generic: SSLv3 ServerHello:
    match ssl m|^\x16\x03\0..\x02...\x03\0| p/SSLv3/

Is it reasonable that all the change is due to this match line? Should
we just get rid of the Nessus line if we adopt this patch?

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
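
An added example, not part of the original message or of Nmap: the two distinct patterns quoted above, run as Python byte regexes over constructed banners, with the record fields they key on decoded. It assumes the first matching line in file order wins; `first_match`, `decode` and the sample banners are hypothetical names and data made up for this illustration.

```python
import re

# The two distinct patterns quoted in the message, as Python bytes regexes.
# No DOTALL flag is set, so '.' does not match a newline byte (0x0a), the
# same as a match line written without the 's' option.
ALERT = re.compile(rb"^\x15\x03\0\0\x02\x02\($")
SERVER_HELLO = re.compile(rb"^\x16\x03\0..\x02...\x03\0")

# File order as quoted: the Nessus line sits above the identical generic one.
MATCH_LINES = [
    ("Nessus security scanner", ALERT),
    ("TLSv1", ALERT),
    ("SSLv3", SERVER_HELLO),
]

def first_match(banner):
    """Product of the first line that matches (assumes first match wins)."""
    for product, rx in MATCH_LINES:
        if rx.search(banner):
            return product
    return None

def decode(banner):
    """Decode the header fields the two patterns key on."""
    if len(banner) < 7:
        return None
    out = {"type": banner[0], "version": (banner[1], banner[2]),
           "length": int.from_bytes(banner[3:5], "big")}
    if banner[0] == 0x15:                          # alert record
        out["alert"] = (banner[5], banner[6])      # (level, description)
    elif banner[0] == 0x16 and len(banner) >= 11:  # handshake record
        out["hs_type"] = banner[5]
        out["hs_version"] = (banner[9], banner[10])
    return out

# Constructed sample banners (not captured traffic).
ALERT_BANNER = b"\x15\x03\x00\x00\x02\x02\x28"  # fatal(2), handshake_failure(40)
HELLO_BANNER = b"\x16\x03\x00\x00\x4a\x02\x00\x00\x46\x03\x00" + bytes(68)
# Same ServerHello inside a 0x0a4a-byte record: the length field holds 0x0a.
HELLO_0A = b"\x16\x03\x00\x0a\x4a\x02\x00\x00\x46\x03\x00" + bytes(68)

if __name__ == "__main__":
    for name, b in [("alert", ALERT_BANNER), ("hello", HELLO_BANNER),
                    ("hello, 0x0a in length", HELLO_0A)]:
        print(name, "->", first_match(b), decode(b))
```

With this ordering the generic alert line never fires, because the identical Nessus line above it takes every such banner. The third banner shows a ServerHello that the SSLv3 pattern misses because a length byte equals 0x0a.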