Nmap Announce mailing list archives
Re: Examples of legit nmap usage?
From: Lamont Granquist <lamontg () raven genome washington edu>
Date: Mon, 20 Sep 1999 11:23:17 -0700
On Sat, 18 Sep 1999, Max Vision wrote:
specify -F). You should limit your scan to the services that you can, yourself, explain why they are interesting or should be checked for.
Is this really the best idea? If you're looking for Windoze trojans, then they could be listening on any port. The thing to do, it would seem, is to -sS scan for port 135/139 (fragile-stack-friendly-os-detection) and then scan the entire portrange on these machines looking for trojans. Then ideally you save this info into a file and run a scan every N time units and compare the results with previous information.

And I've got a question as to how you go about doing forensics to determine if a WinNT/Win9X box has been trojaned when you find a really suspicious looking open port on the box? For example, there's this Win box we've got on our network (which I don't admin) and which is listening on port 4692/udp. The person who uses this box downloads a lot of stuff from the net. I suspect this is a possible trojan, but where the hell do I go from here?

This might be getting a little afield of nmap discussion, but I think it's appropriate because it'd be good to be able to back up nmap scans with actual solid evidence on the machine that it has been compromised.

--
Lamont Granquist lamontg () genome washington edu
Dept. of Molecular Biotechnology (206)616-5735 fax: (206)685-7344
Box 352145 / University of Washington / Seattle, WA 98195
PGP pubkey: finger lamontg () raven genome washington edu | pgp -fka
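The save-and-compare step described in the message above, as an added example that is not part of the original post: it parses two scan snapshots and reports ports that opened or closed between them. It assumes the snapshots were saved in nmap's grepable format (`-oG`), which the message does not name; the hosts, addresses and port lists are constructed sample data, and the function names are hypothetical.

```python
import re

# Constructed sample snapshots in nmap grepable (-oG) form; not real scan data.
BASELINE = """\
Host: 192.0.2.10 (winbox.example)\tPorts: 135/open/tcp//msrpc///, 139/open/tcp//netbios-ssn///
Host: 192.0.2.11 ()\tPorts: 139/open/tcp//netbios-ssn///
"""
CURRENT = """\
Host: 192.0.2.10 (winbox.example)\tPorts: 135/open/tcp//msrpc///, 139/open/tcp//netbios-ssn///, 4692/open/udp/////
Host: 192.0.2.11 ()\tPorts: 139/filtered/tcp//netbios-ssn///
"""

def parse_grepable(text):
    """Return {host: {(port, proto), ...}} for ports reported in state 'open'."""
    hosts = {}
    for line in text.splitlines():
        m = re.match(r"Host:\s+(\S+)", line)
        if not m:
            continue  # comment lines and anything that is not a host record
        for field in line.split("\t"):
            if not field.startswith("Ports: "):
                continue
            for entry in field[len("Ports: "):].split(","):
                # Each entry is port/state/protocol/owner/service/rpcinfo/version/
                parts = entry.strip().split("/")
                if len(parts) >= 3 and parts[1] == "open":
                    hosts.setdefault(m.group(1), set()).add((int(parts[0]), parts[2]))
    return hosts

def diff_scans(old, new):
    """Return (opened, closed): host -> sorted list of (port, proto) that changed."""
    opened, closed = {}, {}
    for host in set(old) | set(new):
        before, after = old.get(host, set()), new.get(host, set())
        if after - before:
            opened[host] = sorted(after - before)
        if before - after:
            closed[host] = sorted(before - after)
    return opened, closed

if __name__ == "__main__":
    opened, closed = diff_scans(parse_grepable(BASELINE), parse_grepable(CURRENT))
    for host, ports in sorted(opened.items()):
        print(host, "newly open:", ", ".join(f"{p}/{proto}" for p, proto in ports))
    for host, ports in sorted(closed.items()):
        print(host, "no longer open:", ", ".join(f"{p}/{proto}" for p, proto in ports))
```

A newly open port in the diff is only a lead: it says which machine to examine, not that the machine is compromised.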