I just committed a modification in find_service which I do not fully
trust.
There was a bug in it on Linux 2.2 which prevented the detection of
the "Time" service. When we sent "GET / HTTP/1.0" on the socket, the
system returned an EPIPE error; afterwards, the read got EPIPE instead
of the expected 4 bytes.
So, now, if the "transport" is IP (i.e. not SSL/TLS), find_service
tries a select() and if data are available for reading, it just read
them without sending the GET request.
This should be better:
- Works on Linux 2.2
- Less dangerous
- Maybe quicker
However, there might be a subtle bug that I did not expect. If you
see services disappearing, warn us.
I also enabled the "TCP wrapper detection" source, but the feature is
disabled by default (timeout = 0) because it is slow.
If you want to test it, enter a positive value in "Wrapped service
read timeout".
Any results (good or bad) are interesting.
Note that "wrapped" services are not put into the Services/unknown
list.
All this code can be removed by undefining DETECT_WRAPPED_SVC and
SMART_TCP_RW at the beginning of find_service.c
--
mailto:arboi@bigfoot.com
GPG Public keys: http://michel.arboi.free.fr/pubkey.txt
http://michel.arboi.free.fr/ http://arboi.da.ru/
FAQNOPI de fr.comp.securite : http://faqnopi.da.ru/
trust.
There was a bug in it on Linux 2.2 which prevented the detection of
the "Time" service. When we sent "GET / HTTP/1.0" on the socket, the
system returned an EPIPE error; afterwards, the read got EPIPE instead
of the expected 4 bytes.
So, now, if the "transport" is IP (i.e. not SSL/TLS), find_service
tries a select() and if data are available for reading, it just read
them without sending the GET request.
This should be better:
- Works on Linux 2.2
- Less dangerous
- Maybe quicker
However, there might be a subtle bug that I did not expect. If you
see services disappearing, warn us.
I also enabled the "TCP wrapper detection" source, but the feature is
disabled by default (timeout = 0) because it is slow.
If you want to test it, enter a positive value in "Wrapped service
read timeout".
Any results (good or bad) are interesting.
Note that "wrapped" services are not put into the Services/unknown
list.
All this code can be removed by undefining DETECT_WRAPPED_SVC and
SMART_TCP_RW at the beginning of find_service.c
--
mailto:arboi@bigfoot.com
GPG Public keys: http://michel.arboi.free.fr/pubkey.txt
http://michel.arboi.free.fr/ http://arboi.da.ru/
FAQNOPI de fr.comp.securite : http://faqnopi.da.ru/