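Hello, Here's a script that detects the 'discard' service (not currently done by find_service.nes or find_service2.nasl). Opinions ? Is the heuristic used acceptable ? I've been running it on many different hosts without a single false positive so far. Cordialement, -- Vincent Renardias <vincentat_private>

#
# This script was written by Vincent Renardias <vincentat_private>
#
# See the Nessus Scripts License for details
#
# Detects the RFC 863 'discard' service on 9/tcp: data sent to it is
# silently thrown away and nothing is ever written back.  The check is
# purely behavioural (no banner exists for discard), see check_discard()
# below for the heuristic and its limits.
#

if(description)
{
  script_id(95000); # FIXME
  script_version ("$Revision$");
  script_cve_id("CAN-1999-0636");

  name["english"] = "Discard port open";
  name["francais"] = "Port 'discard' ouvert";
  script_name(english:name["english"], francais:name["francais"]);

  desc["english"] = "The 'discard' port is open. This port is not of any use nowadays, and may be a source of problems, Risk factor : Low Solution : comment out 'discard' in /etc/inetd.conf";
  desc["francais"] = "Le port 'discard' est ouvert. Ce port n'est plus utile de nos jours, et peut s'averer être une source à problèmes. Risk factor: Low. Solution : Désactivez le service en mettant un diese (#) devant la ligne 'discard' dans /etc/inetd.conf";
  script_description(english:desc["english"], francais:desc["francais"]);

  summary["english"] = "Checks if the 'discard' port is open";
  summary["francais"] = "Vérifie si le port 'discard' est ouvert";
  script_summary(english:summary["english"], francais:summary["francais"]);

  script_category(ACT_GATHER_INFO);

  script_copyright(english:"This script is Copyright (C) 2003 StrongHoldNet",
                   francais:"Ce script est Copyright (C) 2003 StrongHoldNet",
                   deutsch:"Dieses Skript ist Copyright geschützt. 
(C) 2003 StrongHoldNet");

  family["english"] = "Useless services";
  family["francais"] = "Services inutiles";
  family["deutsch"] = "Nutzlose Dienste";
  script_family(english:family["english"], francais:family["francais"], deutsch:family["deutsch"]);

  # find_service must run first so that known_service() below can tell
  # us whether 9/tcp has already been identified as something else.
  script_dependencie("find_service.nes");
  script_require_ports(9);
  exit(0);
}

#
# The script code starts here
#

include("misc_func.inc");

port = 9; # Discard is not supposed to run on any other port.

# If find_service already recognised the service on 9/tcp, it is not
# discard (discard never answers, so it can never be fingerprinted
# from a banner) -- bail out rather than mislabel it.
if(known_service(port))
{
  exit(0);
}

#
# Heuristic: send between 17 and 209 bytes of random data, followed by
# "\r\n\r\n", 4 times in a row (waiting 3 seconds before each send).
# If every send succeeds and the peer never writes anything back, we
# assume that 9/tcp is running 'discard'.
#
# NOTE(review): any listener on 9/tcp that silently accepts input will
# satisfy this test; the known_service() check above is the only guard
# against a false positive on such a service.
#
# soc     : an open TCP socket to the target's port 9 (0 if the connect failed)
# returns : 1 if the peer behaved like 'discard', 0 otherwise.
#           The caller owns the socket and is responsible for closing it.
#
function check_discard(soc)
{
  local_var i, n, res;

  if(!soc)
  {
    return(0);
  }

  for(i=0; i<4; i++)
  {
    sleep(3);
    # rand()%193 is 0..192, so the payload is 17..209 bytes before the CRLFCRLF.
    n = send(socket:soc, data:string(crap(length:(rand()%193+17), data:string(rand())),"\r\n\r\n"));
    if (n<0)
    {
      # The peer closed the connection (or the send otherwise failed):
      # discard keeps the connection open, so this is not it.
      return(0);
    }
    res = recv(socket:soc, length:1024, timeout:5);
    if(strlen(res) > 0)
    {
      # Anything written back rules out discard (echo, chargen, a banner, ...).
      return(0);
    }
  }
  return(1);
}

if(get_port_state(port))
{
  soc = open_sock_tcp(port);
  if(soc)
  {
    is_discard = check_discard(soc);
    # Close on every path, not only on a positive result, so a failed
    # probe does not leak the socket.
    close(soc);
    if(is_discard)
    {
      security_warning(port);
      register_service(port:port, proto:"discard");
    }
  }
}
exit(0);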