Am Montag, 26. Juli 2010 13:00:08 schrieb Matthew Mundell: > > < OTP/1.0 > > > user > > passwd > > CLIENT <|> COMPLETE_LIST <|> CLIENT > > CLIENT <|> PREFERENCES <|> > > CLIENT <|> PREFERENCES <|> > > You sure it sends this twice?
No, I just used it to argue that with a different command sequence, the number of accessed ports is indeed restricted as expected. Instead of sending PREFERENCES twice, one can also replace the COMPLETE_LIST line with an empty line (the scanner assumes some answer(s) to its plugins md5sum statement before accepting other commands like PREFERENCES). I am not sure about the optimal command sequence. I just wanted to point out that I assume a misusage of OTP, as both mentioned examples work and I am not aware of any changes made to the OTP protocol since a long time. -- felix -- Felix Wolfsteller | ++49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück AG Osnabrück, HR B 202460 | Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner _______________________________________________ Openvas-devel mailing list Openvas-devel@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-devel
