Hi,

This is a resend of an earlier patch, now changed to try to correct this plugin to make it work. There are two sets of changes here, the first is absolutely required to make this plugin work - the change of "foreach p (ports)" to "foreach p (keys(ports))".
Without this first change, this plugin is completely broken and does nothing since it looks at a whole series of the value "1" to see if it matches a list of ports and, of course, it never will. The second section changes the methodology of working out if this is not a printer. The old version of the plugin exited if any unknown port was found and this would fire if anything had an active connection with the printer. The plugin now exits only if a port with a well known service is open on the target - ssh, smtp, dns, smb, ntp, https and ldap. I'm not aware of any SMB enabled printers nor of any that run ldap or https but I guess it's conceivable if unlikely. Patch included both inline and as an attachment. --- dont_scan_printers.old Wed Dec 10 18:30:13 2003 +++ dont_scan_printers.nasl Fri Dec 12 12:44:50 2003 @@ -68,7 +68,7 @@ # Test if open ports are seen on a printer # http://www.lprng.com/LPRng-HOWTO-Multipart/x4981.htm appsocket = 0; -foreach p (ports) +foreach p (keys(ports)) { p = int(p - "Ports/tcp/"); if ( p == 35 # AppSocket for QMS 
@@ -79,20 +79,17 @@ || p == 9220 || p == 9290 # ??? seen on HP printers || p == 10001) # Xerox - programmable :-( appsocket = 1; -# Look for common administration or printing port +# Look for common non-printer ports else if ( - p != 21 # FTP - && p != 23 # telnet - && p != 80 # www - && p != 139 && p!= 445 # SMB - && p != 280 # http-mgmt - && p != 443 - && p != 515 # lpd - && p != 631 ) # IPP -# Unknown port => not a printer -# We could be more precise and test for "forbidden port". -# Even seen a printer with SSH, SMTP, DNS, finger...? - exit(0); + p == 22 # SSH + || p == 25 # SMTP + || p == 53 # dns + || p == 139 || p == 445 # SMB - are there any printers that are SMB enabled?? + || p == 123 # ntp + || p == 443 # https + || p == 389 # ldap + ) + exit(0); } # OK, this might well be an AppSocket printer <<dsp.diff>> Trevor Hemsley, Security Specialist, Atos Origin Ltd, Whyteleafe, +44-(0)1883-628139 [This e-mail and the documents attached are confidential and intended solely for the addressee ; it may also be privileged . If you receive this e-mail in error, please notify the sender immediately and destroy it. As its integrity cannot be secured on internet, the Atos Origin group liability cannot be triggered for the message content. Although the sender endeavours to maintain a computer virus-free network, the sender does not warrant that this transmission is virus-free and will not be liable for any damages resulting from any virus transmitted.]
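Review bot: In the first hunk, `foreach p (keys(ports))` now feeds key strings into the unchanged context line `p = int(p - "Ports/tcp/");`, which reuses `p` for both the key and the numeric port and depends on every key starting with exactly that prefix. Where `ports` is populated is not visible in this hunk, so a short comment naming the list it comes from, or a separate variable for the parsed port number, would make that dependency explicit and keep a key with a different prefix from being compared against the port list as a meaningless number.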
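Review bot: In the second hunk, ports 139, 445 and 443 move from the removed list of "common administration or printing port" entries into the new list that triggers `exit(0)`, so their meaning is inverted rather than the test merely being narrowed. The added comment on the SMB line is itself an open question, and the message text calls such printers conceivable; consider leaving 139/445 and 443 out of the exit list until that is settled, or stating in a comment why a host with those ports open should be treated as not a printer. The `p == 123 # ntp` entry is also compared against values parsed from "Ports/tcp/" keys in the first hunk, while NTP normally runs over UDP, so that test is unlikely to match as written.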
_______________________________________________ Nessus mailing list [EMAIL PROTECTED] http://mail.nessus.org/mailman/listinfo/nessus
