Nmap Development mailing list archives
Re: [BUG] Exclusions directive not honored by NSE version detection
From: Fyodor <fyodor () insecure org>
Date: Sun, 20 Jun 2010 12:08:48 -0700
On Thu, Jun 17, 2010 at 05:41:37PM -0500, Kris Katterjohn wrote:
I have never had a grasp on the inner workings of NSE, but couldn't it just not pass the excluded ports to scripts in the version category?
That would work too, but I think it has disadvantages: o Makes the functionality more "mysterious" since the working is in the engine and isn't reflected in the scripts. So you have to know about this implicit NSE rule, versus being able to see the behavior in scripts. o Potential issues with the scripts we have which are in "version" and other categories too (db2-das-info, db2-info). o Prevents non-version scripts from making use of the excluded ports data. Also prevents version scripts from overriding it (though I doubt they will want to anyway). I think the implicit approach would be better if we had a huge number of version scripts. But the number of that scripts is small enough (and expected to remain that way) that I think it is better to put the behavior explicitly in the scripts rather than adding special magic behavior to the engine.
Then the --allports option can be used to change this just like for service detection.
The --allports option should still work with Djalal's patch too. Note: + // check if the allports option was used + if (o.override_excludeports) + return 0; Although I actually think it would be cleaner if we just didn't store the Excluded ports (e.g. see line 1079 of service_scan.cc) in the first place when --allports are used. I think that would be better than having to remember to always test o.override_excludeports specifically when we want to check exclude ports. But its not a big deal. Cheers, -F _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Re: [BUG] Exclusions directive not honored by NSE version detection, (continued)
- Re: [BUG] Exclusions directive not honored by NSE version detection David Fifield (May 17)
- Re: [BUG] Exclusions directive not honored by NSE version detection Tom Sellers (May 22)
- Re: [BUG] Exclusions directive not honored by NSE version detection Fyodor (May 24)
- Re: [BUG] Exclusions directive not honored by NSE version detection Patrik Karlsson (May 24)
- Re: [BUG] Exclusions directive not honored by NSE version detection Tom Sellers (May 22)
- Re: [BUG] Exclusions directive not honored by NSE version detection David Fifield (May 17)
- Re: [BUG] Exclusions directive not honored by NSE version detection Djalal Harouni (Jun 17)
- Re: [BUG] Exclusions directive not honored by NSE version detection Kris Katterjohn (Jun 17)
- Re: [BUG] Exclusions directive not honored by NSE version detection Djalal Harouni (Jun 17)
- Re: [BUG] Exclusions directive not honored by NSE version detection Kris Katterjohn (Jun 17)
- Re: [BUG] Exclusions directive not honored by NSE version detection Djalal Harouni (Jun 19)
- Re: [BUG] Exclusions directive not honored by NSE version detection Kris Katterjohn (Jun 19)
- Re: [BUG] Exclusions directive not honored by NSE version detection Fyodor (Jun 20)
- Re: [BUG] Exclusions directive not honored by NSE version detection Djalal Harouni (Jun 20)
- Re: [BUG] Exclusions directive not honored by NSE version detection Djalal Harouni (Jun 20)
- Re: [BUG] Exclusions directive not honored by NSE version detection Djalal Harouni (Jun 29)
- Re: [BUG] Exclusions directive not honored by NSE version detection Kris Katterjohn (Jun 17)
- Re: [BUG] Exclusions directive not honored by NSE version detection Kris Katterjohn (Jun 21)
- Re: [BUG] Exclusions directive not honored by NSE version detection Djalal Harouni (Jun 26)