On Thu, Dec 07, 2006 at 10:42:52AM +0000, Hubert Seiwert wrote:

> this plugin (11022) reported eDonkey on an invalid port (server name obscured):
>
> Plugin output :
>
> Server name : xxxxx (en) (rus) (de)
> UDP port : 306188864
>
> I presume that the presence of a valid-looking server name in the output indicates
> that eDonkey is actually present,

The plugin actually sends a Hello packet and verifies the response so it shouldn't be a false-positive.

> however the port decoded in this case is definitely
> wrong. Is it correct that the port is retrieved from a dword?

Ah, ha! The value retrieved is actually a dword because of the type of meta tag we're looking at, but it consists of two ports: one for a KAD and another for an ED2K server. I've updated the plugin so it separates them in the report. The update should be available in a couple of hours.

Let me know if that doesn't make more sense.

George
--
theall@private
_______________________________________________
Plugins-writers mailing list
Plugins-writers@private
http://mail.nessus.org/mailman/listinfo/plugins-writers
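Added example, not part of the original message and not the Nessus plugin's code: a Python sketch of the fix described in the reply, splitting the reported dword into its two 16-bit ports instead of printing it as one number. The function names and the little-endian wire order are assumptions, and because the message does not say which half is the KAD port and which the ED2K port, the halves are labelled only by position.

```python
import struct

MAX_PORT = 0xFFFF  # largest valid UDP port


def split_packed_ports(value):
    """Split a 32-bit tag value into its (high word, low word) ports."""
    if not 0 <= value <= 0xFFFFFFFF:
        raise ValueError("value does not fit in a dword: %r" % value)
    return value >> 16, value & MAX_PORT


def dword_from_wire(raw):
    """Decode a 4-byte tag value (assumed little-endian on the wire)."""
    if len(raw) != 4:
        raise ValueError("expected 4 bytes, got %d" % len(raw))
    return struct.unpack("<I", raw)[0]


def report_lines(value):
    """Build report lines, separating the ports when two are packed."""
    if value <= MAX_PORT:
        split_packed_ports(value)  # rejects negative input
        return ["UDP port : %d" % value]
    high, low = split_packed_ports(value)
    return [
        "UDP port (high word) : %d" % high,
        "UDP port (low word) : %d" % low,
    ]


# The value from the quoted plugin output, and the same value as
# constructed wire bytes (not captured traffic).
SAMPLE_DWORD = 306188864
SAMPLE_WIRE = b"\x40\x12\x40\x12"

if __name__ == "__main__":
    assert dword_from_wire(SAMPLE_WIRE) == SAMPLE_DWORD
    for line in report_lines(SAMPLE_DWORD):
        print(line)
```

Run on the value from the quoted output, both halves decode to 4672, so the "invalid port" is two valid 16-bit ports packed into one dword.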