Nmap Development mailing list archives

Re: Lexmark script

From: David Fifield <david () bamsoftware com>
Date: Fri, 22 Jan 2010 17:32:20 -0700

On Wed, Jan 13, 2010 at 08:45:43PM +0100, Patrik Karlsson wrote:

The script looks good, but I want you to see if you can make it work
using the dns library. If the dns library lacks some feature that you
need, it better that we improve it centrally there.


I've modified the script to make use of the dns library and reduced
the code considerably.
It required another small patch to the dns library as the printer did
not properly populate the question section of the response. I'm
attaching this patch as part of the other patches I did to the dns
library for the dns discovery script.


I committed your dns.lua patch.

Looking at the script, it doesn't seem that the protocol uses multicast
DNS, or is any variant of Bonjour/Rendezvous/Zeroconf/DNS-SD. It looks
to me like a simple proprietary protocol using DNS as a transport. If
that's so, we can name the service hbn3, like we do for some other
protocols that run over another protocol.


the script should be naming the service as hbn3 now.

Does the printer have the same service on 5353/udp? If not, then the
script shouldn't run for that port.


I've removed the 5353 port support as the printer does not have the
same service there.


I'm confused. In the new version of this script, the portrule lets the
script run when port 9100/udp is open, but then goes on to send a probe
to 5353/udp. Which port is the service you're querying running on? What
do you get when you probe port 9100 directly?

        portrule = shortport.portnumber(9100, "udp")
        local response = try( dns.query( "", { port = 5353, host = host.ip, dtype="PTR", retPkt=true} ) )

Your previous portrule would have allowed the script to run if either
port was open, and I'm confused about which port was really being
targeted.

I know I said that the protocol didn't look like DNS-SD, but it's
strange to run something on port 5353 that's almost but not quite
DNS-SD. What does dns-service-discovery sa about this device, if
anything?

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

Current thread:

Lexmark matches and script Patrik Karlsson (Jan 04)
- Re: Lexmark matches David Fifield (Jan 12)
  - Re: Lexmark matches Patrik Karlsson (Jan 12)
- Re: Lexmark script David Fifield (Jan 12)
  - Re: Lexmark script Patrik Karlsson (Jan 13)
    - Re: Lexmark script David Fifield (Jan 22)
    - Re: Lexmark script Patrik Karlsson (Jan 23)
    - Re: Lexmark script David Fifield (Jan 29)