Information Security News mailing list archives

Re: Nmap Version Detection Rocks


From: InfoSec News <isn () c4i org>
Date: Thu, 16 Oct 2003 01:23:46 -0500 (CDT)

Forwarded from: Brian Hatch <bri () ifokr org>

[Mr. Hatch PGP signs all his posts, but it appears that this message
has a detached signature, and it didn't carry over.  - WK]


Just a nit, but the -sV scan was first available in nmap 2.53 not
3.45. Up until 3.45 it was a secondary patch that needed to be
applied.

It is that fact - that it wasn't part of the default distribution -
that meant it wasn't available in most distributions/rpms/etc.  While
most of us are more than happy to go compiling our software manually
(for all of the, what, 1 minute of interactive work it requires) the
majority of the world doesn't, and that was the target audience of
this article.

Ironically (or perhaps not) I got a lot of email from 'full time unix
penetration testers' that were excited because they'd never had such a
tool.  Sure, they've searched extensively, even written things
themselves, but none that were very good.  I hope these pen testers
weren't getting paid very much.  However, it shows that Nmap+V wasn't
known by the average Joe/Poser.


Not to denigrate all the incredibly cool work/improvements Fyodor
has made on fingerprints in the latest versions, but... Jay (saurik)
Freeman's nmap+V banner grab patch has been around since April 2000,
a.k.a. Nmap 2.53.  -sV scans have been a staple for some security
people for quite a while.

Nmap+V was great, and I also frequently used amap.  However neither of
these was built in.  Fyodor has a knack (one might almost call it an
obsession) for building extremely modular, extremely fast
parallelized code, and his Nmap version scanning is better than
anything out there.

Also, Fyodor was able to look at the existing tools and see what
worked and what didn't.  Even though it came in later than others,
it's the fastest and most extensible, because it was able to take a
look at the past implementations.

It has just been finally recoded into C from C++ and put in the main
distribution. It has been improved a little and yes it is still
cool.

Actually, Fyodor's stuff is completely written from scratch, I
believe.

Thank you, Fyodor for all the improvements, and Jay for the original
prototype.

Jay was also on the 'nmap council' and offered lots of ideas and
suggestions during the development - he's certainly to be commended.



--
Brian Hatch                  Hard work has a
   Systems and                future payoff, but
   Security Engineer          laziness pays off now.
http://www.onsight.com/

Every message PGP signed




-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.

