A couple of plugins read "Services/unknown". This list includes
everything that was not identified by find_service.
The plugins then process every port found, which could be long.
So there should be a way for a plugin to remove a service it just
identified from this list.
1. We might implement a hack to extract values from Services/Unknown and
add some "service_is_known" or "remove_kb_item" function; however this
would necessitate an upgrade of Nessus to be able to run the new
scripts.
2. Another way could be to add a KB item for every known service,
e.g. something like
"Identitified/tcp/119" = "Proto=NNTP;Server=INN"
This would not prevent get_kb_item("Services/unknown") from returning
the whole list, but it could be processed more quickly.
Hack #2 has another advantage: it could improve cooperation between
plugins.
For example, some services open a port where they speak a complex or unknown
protocol, a web interface. We can easily identify the www server; this
would allow us to suggest that the other port is running the
[whatever] service.
--
mailto:arboi@bigfoot.com
GPG Public keys: http://michel.arboi.free.fr/pubkey.txt
http://michel.arboi.free.fr/ http://arboi.da.ru/
FAQNOPI de fr.comp.securite : http://faqnopi.da.ru/
everything that was not identified by find_service.
The plugins then process every port found, which could be long.
So there should be a way for a plugin to remove a service it just
identified from this list.
1. We might implement a hack to extract values from Services/Unknown and
add some "service_is_known" or "remove_kb_item" function; however this
would necessitate an upgrade of Nessus to be able to run the new
scripts.
2. Another way could be to add a KB item for every known service,
e.g. something like
"Identitified/tcp/119" = "Proto=NNTP;Server=INN"
This would not prevent get_kb_item("Services/unknown") from returning
the whole list, but it could be processed more quickly.
Hack #2 has another advantage: it could improve cooperation between
plugins.
For example, some services open a port where they speak a complex or unknown
protocol, a web interface. We can easily identify the www server; this
would allow us to suggest that the other port is running the
[whatever] service.
--
mailto:arboi@bigfoot.com
GPG Public keys: http://michel.arboi.free.fr/pubkey.txt
http://michel.arboi.free.fr/ http://arboi.da.ru/
FAQNOPI de fr.comp.securite : http://faqnopi.da.ru/