Nmap Development mailing list archives

Re: quake3 opportunistic portrule


From: David Fifield <david () bamsoftware com>
Date: Thu, 6 Jan 2011 12:19:44 -0800

On Thu, Jan 06, 2011 at 09:47:53PM +0200, Toni Ruottu wrote:
> The master server is not game specific. I am calling it quake3-master
> because I got the impression that Quake3 was the first game to use the
> protocol. The magic number 68 (in the probe) is the protocol version
> of the game we are requesting server addresses for. I am using 68 as
> that seems to be most common on the original quake3 master server. I
> tried out all protocol numbers up to 100 to measure this. There are
> also non-numeric versions, like "Nexuiz 3". These are harder to
> analyse.
>
> I am working on some discovery scripts that do further analysis on
> both the master servers and actual quake3 servers. I am not aware of
> any other master server commands, and the response to getservers only
> contains ports and IP addresses for game servers of the requested
> version.

I found some docs here:

http://svn.icculus.org/twilight/trunk/dpmaster/doc/techinfo.txt?revision=10433&view=markup
ftp://ftp.idsoftware.com/idstuff/quake3/docs/server.txt

I agree that there doesn't look to be much room for protocol variation.
(An exception appears to be the getserversExt command supported by this
dpmaster.) But it also looks like it would be beneficial to try many
different protocol numbers and game names, not just 68. What do you
think about making this a "version" category NSE script, which sends
whatever you think are the most likely game names/protocol numbers and
sets the version to "quake3-master" on the first response?

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
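
Added example, not part of the original messages and not Nmap code: the detection logic proposed above (try several game/protocol probes, label the port "quake3-master" on the first valid reply), written in Python rather than NSE Lua so it runs offline. The wire layout is assumed to follow the dpmaster techinfo document linked in the message; `build_probe`, `parse_response`, `detect`, `CANDIDATES` and `SAMPLE` are hypothetical names, and `SAMPLE` is a constructed reply.

```python
import struct
from ipaddress import IPv4Address

OOB = b"\xff\xff\xff\xff"            # out-of-band packet prefix
REPLY = OOB + b"getserversResponse"
EOT = b"\\EOT\x00\x00\x00"           # end-of-transmission record (7 bytes)

# 68 and "Nexuiz 3" are the values mentioned in the thread; any further
# entries would be assumptions to tune against real master servers.
CANDIDATES = [(None, 68), ("Nexuiz", 3)]

# Constructed reply: 10.92.0.1:27960 (address contains 0x5c, i.e. '\')
# and 192.0.2.7:27961, followed by the EOT record.
SAMPLE = REPLY + b"\\\x0a\x5c\x00\x01\x6d\x38" + b"\\\xc0\x00\x02\x07\x6d\x39" + EOT

def build_probe(protocol, game=None):
    """Build a getservers request; a game name is sent only for non-Quake3 titles."""
    words = ["getservers"] + ([game] if game else []) + [str(protocol), "empty", "full"]
    return OOB + " ".join(words).encode("ascii")

def parse_response(data):
    """Return a list of (ip, port), or None if data is not a getserversResponse."""
    if not data.startswith(REPLY):
        return None
    body, servers, pos = data[len(REPLY):], [], 0
    # Records are fixed width: '\' + 4 address bytes + 2 port bytes (big endian).
    # Splitting on '\' would corrupt addresses containing 0x5c, so walk by offset.
    while pos + 7 <= len(body) and body[pos:pos + 1] == b"\\":
        if body.startswith(EOT, pos):
            break
        ip, port = struct.unpack_from("!4sH", body, pos + 1)
        servers.append((str(IPv4Address(ip)), port))
        pos += 7
    return servers

def detect(exchange):
    """Try each candidate via exchange(probe) -> reply bytes or None.

    Returns (service name, matching candidate, server list) on the first
    valid reply, or None if no candidate is answered.
    """
    for game, protocol in CANDIDATES:
        servers = parse_response(exchange(build_probe(protocol, game)) or b"")
        if servers is not None:
            return "quake3-master", (game, protocol), servers
    return None
```

An empty but well-formed reply (header followed directly by EOT) still counts as a match, since the goal is service identification rather than server enumeration.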

