Nmap Development mailing list archives
Re: nse unusual-port ident bug
From: Fyodor <fyodor () insecure org>
Date: Tue, 29 Nov 2011 18:44:31 -0800
On Sat, Nov 26, 2011 at 07:07:11PM +0100, Patrik Karlsson wrote:
In this case, the entry in nmap-services says "auth" while the service/version scan recognizes the port as "ident". While, to the best of my knowledge, this is essentially the same service there's a discrepancy between the entries in the file nmap-services and nmap-service-probes.
Regardless of the solution chosen for the unusual-port script, I think discrepancies like this should be fixed. We should pick ident or auth and stick with it. Now there may be some cases where version detection may legitimately detect a more specific version of the general service listed in nmap-services. And there are issues with how we handle tunneled services (e.g. https vs ssl/http) which we may have to eventually resolve in a different way. But in general, I think we should strive to remove discrepancies like the auth/ident issue. For now, I'll change the 'auth' entry to 'ident' in nmap-service-probes. But if folks are able to find other conflicts and submit patches, that would be great IMHO. Also, the script will probably need its own whitelist by virtue of the fact that nmap-services only gives one service per port number, yet many port numbers have numerous legitimate services listening on them. And there are services which can legitimately be found on any port number (e.g. Vuze). Cheers, Fyodor _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Re: nse unusual-port ident bug Patrik Karlsson (Nov 26)
- Re: nse unusual-port ident bug David Fifield (Nov 27)
- Re: nse unusual-port ident bug Patrik Karlsson (Nov 28)
- Re: nse unusual-port ident bug Fyodor (Nov 29)
- Re: nse unusual-port ident bug Fyodor (Nov 29)
- Re: nse unusual-port ident bug David Fifield (Nov 27)