Nmap Development mailing list archives

architecture: device vs service


From: Willem <gwillem () gmail com>
Date: Sun, 6 Dec 2009 03:01:21 +0100

What is the best practice on identifying devices that consist of
otherwise autonomous components? For example, the Sitecom WL-404 IP
cam. The latest nmap reports OS (Linux 2.6.X) and port 80 service
(thttpd 2.25b) correctly but obviously there's more for nmap to
discover.

An approach taken from nmap-service-probes (e.g. the NSLU2 match), is
to abuse the service detection and overrule the thttpd match with a
Sitecom WL-404 match [1] but this looks like a Bad Idea. IMHO, it
makes more sense to rename device-type to device-group and introduce
device-type for specific brand/model/version info about the appliance,
while leaving the service information intact.

//Willem

[1]
+match http m|^HTTP/1\.[01] \d\d\d .*\r\nServer: thttpd/2.25b
29dec2003\r\n.+var MODEL = "WL-404"|s p/Sitecom ip cam/ v/WL-404/
d/webcam/
match http m|^HTTP/1\.[01] \d\d\d .*\r\nServer: thttpd/(\d[-.+\w]+)
([\w?]+)\r\n| p/thttpd/ v/$1 $2/
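
Review bot: on the added match line, the Server header is pinned to the literal thttpd/2.25b 29dec2003 with the dot in 2.25b left unescaped (it matches any character there), and because p/ and v/ now describe the camera, the thttpd version no longer appears in the result. Consider escaping the dot as 2\.25b, or capturing the version and build date the way the generic thttpd match below does and reporting them in the i/ info field, so the web server version is still shown alongside the device match and a unit with a different thttpd build is still identified by its MODEL variable. The line also has to stay above the generic thttpd match, as it is here, since the first matching line is the one used.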
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

