[prev in list] [next in list] [prev in thread] [next in thread] 

List:       nmap-dev
Subject:    Re: [PATCH] Always list SSL in case any SSL connection succeeded
From:       Kristof Boeynaems <kristof.boeynaems () gmail ! com>
Date:       2009-02-24 21:34:59
Message-ID: 49A46803.40505 () gmail ! com
[Download RAW message or body]

Kristof Boeynaems wrote:
> David Fifield wrote:
> <snip>
>> One more thing: In the test you described, the output should be
>> "ssl/unknown?", not "ssl/unknown". Leaving off the question mark makes
>> it look as if the port was positively identified. It's confusing in this
>> case because the port is named "unknown", but that name comes from the
>> nmap-services file. If you repeat the s_server experiment with port 80
>> you'll see what I mean. The output should be "ssl/http?", not "ssl/http"
>> or "http?".
>>   
>
> Good point. I'll look into that once we have agreed on where we should 
> make the change :)
>

Mmm, I had a look, and it seems that the behavior is slightly different 
than you describe. Did you really get those results after applying the 
patch? I am unable to reproduce those.

I believe that with the patch, the test case above will always return 
"ssl/unknown", no matter the port.
It will always default to line 476 in output.cc, thus adding "unknown" 
to the "ssl/" string set earlier.

Nevertheless, if you prefer "ssl/unknown?" for these cases, we can 
probably change it there.

However, while "ssl/http" would indeed not be acceptable, I think 
"ssl/unknown" is better than "ssl/unknown?", as we are sure that there 
is "something" behind ssl (and we are sure that we don't know what ;)).
I am afraid that displaying "ssl/unknown?" might give the impression 
that even the "ssl/" part is doubtful.

What do you think?

Thanks,

Kristof

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
[prev in list] [next in list] [prev in thread] [next in thread]