Nmap Development mailing list archives

Re: HP-PJL softmatch line


From: Brandon Enright <bmenrigh () ucsd edu>
Date: Wed, 9 Jun 2010 23:26:45 +0000

On Wed, 9 Jun 2010 16:20:10 -0700
Fyodor <fyodor () insecure org> wrote:

> On Sat, Jun 05, 2010 at 01:12:43PM -0500, Tom Sellers wrote:
> > I would like some feedback on the following HP-PJL softmatch line:
> >
> > # We don't want to send a bunch more probes that will be printed
> > softmatch hp-pjl m|^| i/hp-pjl probe got something back/
> >
> > In my scanning scenario, scanning all ports and using --version-all,
> > it is generating numerous hits and changing the service field to
> > hp-pjl.  There are many cases, for example ports 21 and 80, where
> > that changes what scripts trigger against a port.
>
> Hi Tom.  That line (along with the HP-PJL probe it corresponds to) was
> added last August (r15334).  The commit comment says the probe "is
> inactive at the moment because its ports 9100-9107 are in the default
> Exclude list. (In fact, they are the default exclude list.) Users will
> have to comment out the Exclude line to test these."
>
> But it may have been forgotten that the probe will still be tried for
> non-blocked ports after all the "probable ports" are tried and failed,
> if you use --version-all.  That option is needed because the rarity
> value for this probe is 9.
>
> This softmatch is clearly problematic, as your tests show.  And nobody
> has defended this signature in the last 4 days, so I'll comment it
> out.  I suppose it might be useful for someone to enable in cases
> where they are intentionally testing hp-pjl ports.
>
> Anyway, thanks for the report!  Sometimes people ignore small/obscure
> issues like this, but it is better to get them fixed.
>
> Cheers,
> -F


This has been in the back of my head as a "to fix" too.  At the time it
seemed reasonable but I think we meant it primarily for debugging.  I'm
glad to see it commented out, I was going to do that myself one of
these days.

My production campus Nmap scanning has been broken for some unknown
reason involving network equipment oddities so I haven't been staying
on top of these things as well.  Troubleshooting is ongoing...

Brandon

Archived at http://seclists.org/nmap-dev/
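
An added example, not part of the original message or of Nmap's own code: a small Python check that parses `match`/`softmatch` lines and flags any whose pattern matches every response, which is what `m|^|` does for any port that answers the probe. The banners and the two non-PJL signature lines are constructed for illustration, and Python's `re` stands in for the PCRE engine Nmap uses (an approximation for simple patterns).

```python
import re

# match/softmatch <service> m<delim><regex><delim>[flags] [version info]
DIRECTIVE = re.compile(r"^(match|softmatch)\s+(\S+)\s+m(.)(.*)$")

# Constructed responses from unrelated services, plus an empty response.
UNRELATED = [b"", b"220 FTP server ready\r\n", b"HTTP/1.0 400 Bad Request\r\n\r\n"]

def parse_directive(line):
    """Return (kind, service, regex, flags), or None for any other line."""
    m = DIRECTIVE.match(line.strip())
    if not m:
        return None
    kind, service, delim, rest = m.groups()
    end = rest.find(delim)
    if end < 0:
        return None  # unterminated pattern
    flags = re.match(r"[is]*", rest[end + 1:]).group(0)
    return kind, service, rest[:end], flags

def matches_anything(regex, flags=""):
    """True if the pattern matches every unrelated banner, including an empty one."""
    py_flags = (re.I if "i" in flags else 0) | (re.S if "s" in flags else 0)
    try:
        rx = re.compile(regex.encode("latin-1"), py_flags)
    except (re.error, UnicodeEncodeError):
        return False  # not compilable here; needs manual review
    # Unanchored search: patterns carry their own ^ when they need one.
    return all(rx.search(banner) for banner in UNRELATED)

def lint(lines):
    """Return (line_number, kind, service) for each catch-all signature."""
    findings = []
    for number, line in enumerate(lines, 1):
        parsed = parse_directive(line)
        if parsed and matches_anything(parsed[2], parsed[3]):
            findings.append((number, parsed[0], parsed[1]))
    return findings

SAMPLE = [
    "# We don't want to send a bunch more probes that will be printed",
    "softmatch hp-pjl m|^| i/hp-pjl probe got something back/",  # from the thread
    "match ftp m|^220[ -].*FTP|i p/constructed ftp example/",    # constructed
    "softmatch http m|^HTTP/1\\.[01] \\d\\d\\d|",                # constructed
]

if __name__ == "__main__":
    for number, kind, service in lint(SAMPLE):
        print(f"line {number}: {kind} {service} matches any response")
```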