Nmap Development mailing list archives
Re: Quake 3 query script submission
From: Brandon Enright <bmenrigh () ucsd edu>
Date: Mon, 25 Jan 2010 06:25:32 +0000
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Sun, 24 Jan 2010 17:05:55 -0600 or thereabouts Mak Kolybabi <mak () kolybabi com> wrote:
On 2010-01-18 12:35, David Fifield wrote:If you know of a probe for server status or something like that, send it to us and we may add it to nmap-service-probes. If it's a safe probe without side effects, we can add it to the UDP payloads list too. That will make scanning for game servers quick and accurate.I've decided to give up on that script. Instead, as suggested, I've made a number of service probes that can detect the game servers. For example: PORT STATE SERVICE VERSION 26000/udp open nexuiz Nexuiz 27960/udp open urbanterror Urban Terror ioQ3 1.35urt freebsd-amd64 Sep 6 2009 The patch for nmap-service-probes is attached. The ports defined for these probes are usually the default ports the servers use, with some wiggle room on either side. These probes should not have any side effects. -- Matthew Anthony Kolybabi (Mak)
Hi Mak, Overall this patch looks pretty good. I have a couple of questions though. First, you changed the generic Quake 3 match to a softmatch. Is the idea here that we can get fingerprints for more specific matches? Also, on all of your Quake3 and Quake2 probe matches, you don't use any anchors. Previous testing has shown matches without anchors are a few orders of magnitude slower. For example: match nexuiz m|\\gamename\\Nexuiz| p/Nexuiz/ If you could do something like m|^\xff+\\gamename\\Nexuiz| the match would be much, much faster. What sort of content are you matching against here? If the best that can be added is .* then there is no point. Missing anchors is not a show-stopper but if we can do better, we should. Regards, Brandon -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.14 (GNU/Linux) iEYEARECAAYFAktdOWQACgkQqaGPzAsl94Kx/gCfa7CAcxJ+fjRTVg18h9aDty9l E10AoMSulx1RXfWkqUfEXZAqTibqtyFt =oiMS -----END PGP SIGNATURE----- _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Quake 3 query script submission Mak Kolybabi (Jan 16)
- Re: Quake 3 query script submission Fyodor (Jan 17)
- Re: Quake 3 query script submission Mak Kolybabi (Jan 18)
- Re: Quake 3 query script submission David Fifield (Jan 18)
- Re: Quake 3 query script submission Mak Kolybabi (Jan 18)
- Re: Quake 3 query script submission David Fifield (Jan 18)
- Re: Quake 3 query script submission Mak Kolybabi (Jan 24)
- Re: Quake 3 query script submission Brandon Enright (Jan 24)
- Re: Quake 3 query script submission Mak Kolybabi (Jan 25)
- Re: Quake 3 query script submission David Fifield (Jan 26)
- Re: Quake 3 query script submission Mak Kolybabi (Jan 29)
- Re: Quake 3 query script submission David Fifield (Jan 29)
- Re: Quake 3 query script submission Mak Kolybabi (Jan 18)
- Re: Quake 3 query script submission Fyodor (Jan 17)