[Plugins-writers] eDonkey_detect.nasl invalid port

• Next in thread: George A. Theall: "Re: [Plugins-writers] eDonkey_detect.nasl invalid port"
• Reply: George A. Theall: "Re: [Plugins-writers] eDonkey_detect.nasl invalid port"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi,

this plugin (11022) reported eDonkey on an invalid port (server name obscured):

Plugin output :

  Server name : xxxxx (en) (rus) (de)
  UDP port    : 306188864

I presume that the presence of a valid-looking server name in the output indicates
that eDonkey is actually present, however the port decoded in this case is definitely
wrong. Is it correct that the port is retrieved from a dword?

Maybe adding a sanity check like this would be worthwhile:

--- eDonkey_detect.nasl 2006-11-30 10:37:25.000000000 +0000
+++ eDonkey_detect.nasl 2006-12-07 10:21:11.000000000 +0000
@@ -118,6 +118,8 @@
     info += "  UDP port    : " + port + '\n';
   }

+  if (port < 65536)
+  {
   report = string(
     desc,
     "\n\n",
@@ -126,4 +128,5 @@
     info
   );
   security_note(port:port, data:report);
+  }
 }



-- 
Hubert Seiwert

Internet Security Specialist, Westpoint Ltd
Albion Wharf, 19 Albion Street, Manchester M1 5LN, United Kingdom

Web: www.westpoint.ltd.uk
Tel: +44-161-2371028
_______________________________________________
Plugins-writers mailing list
Plugins-writers@private
http://mail.nessus.org/mailman/listinfo/plugins-writers

• Next in thread: George A. Theall: "Re: [Plugins-writers] eDonkey_detect.nasl invalid port"
• Reply: George A. Theall: "Re: [Plugins-writers] eDonkey_detect.nasl invalid port"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.3 : Thu Dec 07 2006 - 02:43:48 PST