Nmap Development mailing list archives
Re: UDP payloads
From: David Fifield <david () bamsoftware com>
Date: Fri, 3 Jul 2009 21:04:14 -0600
On Fri, Jul 03, 2009 at 09:24:51PM -0500, Tom Sellers wrote:
David Fifield wrote:.... I have in a branch code that sends protocol payloads for ports 53, 123, 137, 161, and 1434. svn co --username guest --password "" svn://svn.insecure.org/nmap-exp/david/nmap-payloads The payloads are taken from nmap-service-probes. They are:... I'm not an expert at any of the protocols above. So my question is, are any of these probes too intrusive to be sent by default with every ping or port scan probe? I'd like a yes/no for each of them before merging the branch. For a couple of these we have options: port 53 also has DNSVersionBindReq and port 161 also has SNMPv1public.The SNMPv3GetRequest is safe, but I would expect that the SNMPv1public probe would be much more likely to elicit some result given the broad deployment of SNMPv1 vs SNMPv3.
Thanks Tom. I chose the SNMPv3GetRequest because it was better in the ping probe tests, finding 24.2% of up hosts versus 19.8% for SNMPv1public. In http://www.bamsoftware.com/wiki/Nmap/EffectivenessOfPingProbes#a-20090525 -PU161-payload1 is SNMPv1public and -PU161-payload2 is SNMPv3GetRequest. Maybe it's because SNMPv1public only works with a community string of "public"? I don't see a community string in SNMPv3GetRequest. I forgot to mention, for those who want to check out the probes, you can do so with this command: ./nmap -sU -p 53,123,137,161,1434 If you capture the packets with Wireshark, then the protocols will be dissected and you can see what each payload means. David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- UDP payloads David Fifield (Jul 03)
- Re: UDP payloads Tom Sellers (Jul 03)
- Re: UDP payloads David Fifield (Jul 03)
- Re: UDP payloads Luis M. (Jul 04)
- Re: UDP payloads David Fifield (Jul 04)
- Re: UDP payloads kx (Jul 04)
- Re: UDP payloads David Fifield (Jul 04)
- Re: UDP payloads David Fifield (Jul 22)
- Wireshark dissections of proposed UDP payloads David Fifield (Aug 10)
- Re: Wireshark dissections of proposed UDP payloads David Fifield (Aug 19)
- Re: Wireshark dissections of proposed UDP payloads Henri Salo (Aug 19)
- Re: UDP payloads Tom Sellers (Jul 03)