Join GitHub today
GitHub is home to over 31 million developers working together to host and review code, manage projects, and build software together.Sign up
Decrease rarity of TCP ms-sql-s probe #926
The file "nmap-service-probes" has the following probe:
I often see MS SQL running on non-default ports when exposed externally over TCP and it would be good if Nmap could identify it without having to specify
The UDP probe has rarity 6:
So maybe the TCP probe could have rarity 7?
referenced this issue
Jun 30, 2017
@jkryanchou "rarity" is poorly named. It ought to be something more like "threshold" because it is the level at which Nmap will send the probe to a non-ports-matching port. Some factors that go into deciding a probe's rarity are
By now, Nmap has so many different probes that most of the time adding a new one is only useful in cases of services that simply will not respond to any other probe. When these services are nearly always on the same port number, giving these new probes a high (8 or more) rarity ensures they are not sent to other ports unless the user increases
All that said, I think we can reduce this to 7. It would be the 28th probe to be sent at that level or sooner. I do ask that you help us out if you have experience finding these services:
@dmiller-nmap Thanks for your reply.
Whilst I see this often on a non-default port, I don't see it often on the same non-default port, and therefore adding extra ports will probably not be useful in this case.
In this instance, no version probe at the default intensity level elicits any response and the service is just classified as "unknown".
@dmiller-nmap OK, Thanks for your detailed answer. I have got to know what the rarity means. While Is there any continuous integration system internal for our submission fingerprint？How to set the proper rarity from those fingerprint we submitted. Any manual scripts we could probably do it by ourself locally?
Rarity level decreased to 7 in r36956 for MSSQL. For common probes setting the rarity level to 7 is fine. When the service submissions get processed the values could be adjusted if they need to be. Feel free to send any question about other service signatures that you consider should be updated.