Nmap Development mailing list archives
architecture: device vs service
From: Willem <gwillem () gmail com>
Date: Sun, 6 Dec 2009 03:01:21 +0100
What is the best practice on identifying devices that consist of otherwise autonomous components? For example, the Sitecom WL-404 ip cam. The latest nmap reports OS (linux 2.6.X) and port 80 service (thttpd 2.25b) correctly but obviously there's more for nmap to discover.

An approach taken from nmap-service-probes (e.g. the NSLU2 match), is to abuse the service detection and overrule the thttpd match with a Sitecom WL-404 match [1] but this looks like a Bad Idea.

IMHO, it makes more sense to rename device-type to device-group and introduce device-type for specific brand/model/version info about the appliance, while leaving the service information intact.

//Willem

[1]
+match http m|^HTTP/1\.[01] \d\d\d .*\r\nServer: thttpd/2.25b 29dec2003\r\n.+var MODEL = "WL-404"|s p/Sitecom ip cam/ v/WL-404/ d/webcam/
 match http m|^HTTP/1\.[01] \d\d\d .*\r\nServer: thttpd/(\d[-.+\w]+) ([\w?]+)\r\n| p/thttpd/ v/$1 $2/

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
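Review bot: The template on the added `match` line (`p/Sitecom ip cam/ v/WL-404/ d/webcam/`) discards the thttpd name and version that the existing line below it reports through `p/thttpd/ v/$1 $2/`, so a host that matches the new line no longer shows its web server version in the output. If the line is kept, capture the Server header the way the existing line does and carry it in the info field, for example `i/thttpd $1 $2/`, instead of hardcoding `thttpd/2.25b 29dec2003`. That also removes the unescaped `.` in `2.25b`, which currently matches any character. Because the regex pins both that one build string and `var MODEL = "WL-404"`, the line covers exactly one model on one thttpd build; a captured model name would let a single line serve sibling devices.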