Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

DHCP fingerprints for Polycom SoundStation IP #496

Merged
merged 1 commit into from
Oct 20, 2022
Merged

DHCP fingerprints for Polycom SoundStation IP #496

merged 1 commit into from
Oct 20, 2022

Conversation

dmoinescu-r7
Copy link
Contributor

@dmoinescu-r7 dmoinescu-r7 commented Oct 18, 2022
edited
Loading

Description

DHCP fingerprints for Polycom SoundStation IP, as observed in DHCP network traffic.

Motivation and Context

How Has This Been Tested?

Ran recog_verify, recog_standardize and update_cpes.py

Types of changes

  • New feature (non-breaking change which adds functionality)

Checklist:

  • I have updated the documentation accordingly (or changes are not required).
  • I have added tests to cover my changes (or new tests are not required).
  • All new and existing tests passed.

mkienow-r7
mkienow-r7 suggested changes Oct 18, 2022
View reviewed changes
xml/dhcp_vendor_class.xml Outdated
<param pos="0" name="hw.vendor" value="Polycom"/>
<param pos="0" name="hw.family" value="SoundStation IP"/>
<param pos="1" name="hw.model"/>
<param pos="0" name="hw.product" value="{hw.model}"/>
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

hw.product should be {hw.family} {hw.model} in order to match existing CPE values.

h:polycom:soundstation_ip_4000
h:polycom:soundstation_ip_5000
h:polycom:soundstation_ip_6000
h:polycom:soundstation_ip_7000

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done

@mkienow-r7
Copy link
Contributor

mkienow-r7 commented Oct 20, 2022
edited
Loading

The tests are failing since the example hw.product values were not updated.

$ bundle exec ./bin/recog_verify xml/dhcp_vendor_class.xml
xml/dhcp_vendor_class.xml:148: FAIL: 'Polycom SoundStation IP Phone' failed to find expected capture group hw.product '6000'. Result was SoundStation IP 6000
xml/dhcp_vendor_class.xml:148: FAIL: 'Polycom SoundStation IP Phone' failed to find expected capture group hw.product '7000'. Result was SoundStation IP 7000
xml/dhcp_vendor_class.xml: SUMMARY: Test completed with 81 successful, 0 warnings, and 2 failures

@dmoinescu-r7
Copy link
Contributor Author

dmoinescu-r7 commented Oct 20, 2022
edited
Loading

The tests are failing since the example hw.product values were not updated.

Thanks, sorry about that. I'd seen the test failures, was wondering why (I must've forgotten to re-run recog_verify after the latest updates). Fixed now

mkienow-r7
mkienow-r7 approved these changes Oct 20, 2022
View reviewed changes
Copy link
Contributor

@mkienow-r7 mkienow-r7 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for the contribution @dmoinescu-r7!

@mkienow-r7 mkienow-r7 merged commit b255643 into rapid7:main Oct 20, 2022
@dmoinescu-r7 dmoinescu-r7 deleted the dmoinescu/polycom-ssip branch October 21, 2022 09:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mkienow-r7 mkienow-r7 mkienow-r7 approved these changes

@modoyle-r7 modoyle-r7 Awaiting requested review from modoyle-r7

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@dmoinescu-r7 @mkienow-r7