Nmap Development mailing list archives
Re: HP-PJL softmatch line
From: Brandon Enright <bmenrigh () ucsd edu>
Date: Wed, 9 Jun 2010 23:26:45 +0000
On Wed, 9 Jun 2010 16:20:10 -0700
Fyodor <fyodor () insecure org> wrote:

> On Sat, Jun 05, 2010 at 01:12:43PM -0500, Tom Sellers wrote:
> > I would like some feedback on the following HP-PJL softmatch line:
> >
> > # We don't want to send a bunch more probes that will be printed
> > softmatch hp-pjl m|^| i/hp-pjl probe got something back/
> >
> > In my scanning scenario, scanning all ports and using --version-all,
> > it is generating numerous hits and changing the service field to
> > hp-pjl. There are many cases, for example ports 21 and 80, where
> > that changes what scripts trigger against a port.
>
> Hi Tom. That line (along with the HP-PJL probe it corresponds to) was
> added last August (r15334). The commit comment says the probe "is
> inactive at the moment because its ports 9100-9107 are in the default
> Exclude list. (In fact, they are the default exclude list.) Users
> will have to comment out the Exclude line to test these."
>
> But it may have been forgotten that the probe will still be tried for
> non-blocked ports after all the "probable ports" are tried and failed,
> if you use --version-all. That option is needed because the rarity
> value for this probe is 9.
>
> This softmatch is clearly problematic, as your tests show. And nobody
> has defended this signature in the last 4 days, so I'll comment it
> out. I suppose it might be useful for someone to enable in cases
> where they are intentionally testing hp-pjl ports.
>
> Anyway, thanks for the report! Sometimes people ignore small/obscure
> issues like this, but it is better to get them fixed.
>
> Cheers,
> -F
This has been in the back of my head as a "to fix" too. At the time it seemed reasonable but I think we meant it primarily for debugging. I'm glad to see it commented out, I was going to do that myself one of these days.

My production campus Nmap scanning has been broken for some unknown reason involving network equipment oddities so I haven't been staying on top of these things as well. Troubleshooting is ongoing...

Brandon

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
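As an added example (not code from the Nmap project or from anyone in this thread), the sketch below lints nmap-service-probes `match`/`softmatch` lines for patterns that match unrelated responses, which is how the `m|^|` line ends up relabelling ports such as 21 and 80 as hp-pjl. The banners, the ftp comparison line and the function names are constructed, and Python's `re` is assumed as a stand-in for the PCRE matching Nmap uses.

```python
import re

# Constructed excerpt in nmap-service-probes syntax. The first two lines are
# the ones quoted in the thread; the ftp line is a made-up comparison.
SAMPLE_PROBES = """\
# We don't want to send a bunch more probes that will be printed
softmatch hp-pjl m|^| i/hp-pjl probe got something back/
softmatch ftp m|^220[ -].*FTP|i
"""

# Constructed responses standing in for unrelated services (e.g. ports 21, 80).
SAMPLE_BANNERS = [b"220 Example FTP server ready\r\n",
                  b"HTTP/1.1 400 Bad Request\r\n\r\n"]

FLAG_MAP = {"i": re.IGNORECASE, "s": re.DOTALL}


def parse_directive(line):
    """Return (kind, service, compiled_regex) for a match/softmatch line, else None."""
    parts = line.split(None, 2)
    if len(parts) < 3 or parts[0] not in ("match", "softmatch"):
        return None
    kind, service, rest = parts
    if len(rest) < 3 or rest[0] != "m":
        return None
    delim = rest[1]                      # delimiter is whatever follows 'm'
    end = rest.find(delim, 2)
    if end == -1:
        return None
    flags = 0
    for ch in re.match(r"[is]*", rest[end + 1:]).group():
        flags |= FLAG_MAP[ch]
    # Assumption: Python's re stands in for the PCRE engine Nmap uses.
    return kind, service, re.compile(rest[2:end].encode("latin-1"), flags)


def find_catch_alls(probes_text, banners):
    """List (line_no, kind, service) for patterns that match every sample
    banner, i.e. patterns that cannot tell one service from another."""
    hits = []
    for line_no, line in enumerate(probes_text.splitlines(), start=1):
        parsed = parse_directive(line)
        if parsed and all(parsed[2].search(b) for b in banners):
            hits.append((line_no, parsed[0], parsed[1]))
    return hits


if __name__ == "__main__":
    for line_no, kind, service in find_catch_alls(SAMPLE_PROBES, SAMPLE_BANNERS):
        print(f"line {line_no}: {kind} {service} matches every sample response")
```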
Current thread:
- HP-PJL softmatch line Tom Sellers (Jun 05)
- Re: HP-PJL softmatch line Fyodor (Jun 09)
- Re: HP-PJL softmatch line Brandon Enright (Jun 09)
- Re: HP-PJL softmatch line Fyodor (Jun 09)