Nmap Announce mailing list archives
Re: Nmap 2.30BETA20 Released
From: Max Vision <vision () whitehats com>
Date: Fri, 21 Apr 2000 09:39:16 -0700 (PDT)
On Thu, 20 Apr 2000, Andrew Brown wrote:
> i'd also like to suggest that you distribute the "massive" services file that i've been maintaining for a year or so at http://www.graffiti.com/services as the nmap-services file. it's basically a large merge of the iana port-numbers list and the services files from solaris, the bsds, a few linuxes, and some submissions i've gotten, giving a really nice big list. it's really good for scanning *everything*. :)
Hi-

I took some time to compare the differences between the services file distributed with nmap 2.30beta20, and the new services file that you are maintaining. It looks like you have roughly triple the number of port descriptions - good job! I can see that these short descriptions will be useful in identifying open ports in a scan - however I wish that contributors to your list (and any port list) would drop more hints about what the services are. Personally, I only recognized several of the thousands of additional ports on your list. Mention of an OS or application name would help with the research - especially for those of us performing external auditing who don't always have the immediate luxury of 'lsof -i'. (That comes soon enough, but usually not through discovering a new hole in a completely unknown app :)

    % egrep 'udp|tcp' nmap-services|wc
        2027   10260   93904
    % egrep 'udp|tcp' services | wc
        6167   32613  322661

I saw a few port ranges that I wanted to draw attention to for anyone using the service file:

    lines/ description
       64/ tcp ports for x11 (6000-6063) - this is sort of overkill..
       64/ udp ports for x11 (6000-6063) - AFAIK X doesn't use UDP
      100/ VRML range (4200-4299) - 100 ports for what?
       91/ swx (7300-7390) - www.swx.com? what server software is this?
    ...couple other ranges like this should be looked at

Since I'm addressing problems - another issue is that most port lists (including the IANA assignments) list identifiers that are somewhat useless in the real world. For example all of those ports with entries for both TCP and UDP. Most services don't use both transports. For example if you are scanning and see an open TCP port 137 - it's *not* the netbios name service. There are a ton of port identifiers like this that might actually just slow down legitimate auditing, or in some cases confuse/mislead administrators who don't know any better..
For the benefit of less experienced netmapers, I would prefer to see

    netbios-ns 137/tcp # netbios name service

be replaced by

    UNKNOWN 137/tcp # daemon on privileged port!@#$

and other appropriate accuracies. Another option is to remove those entries, but I generally prefer to see as much detail about the remote host as possible, as there are often "rogue" daemons listening on ports one wouldn't expect - in particular ftpd and httpd are sometimes bound in strange places by their owners.

--
Max Vision Network Security <vision () whitehats com>
Network Security Assessment http://maxvision.net/
100% Success Rate : Penetration Testing & Risk Mitigation
Free Visibility Analysis and Price Quote for Your Network
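
The two checks the message describes, names listed on both TCP and UDP for the same port and long same-name port ranges, can be run over any services-format file. The following is an added example, not part of the original post or of Nmap; the function names are hypothetical and the sample entries are constructed.

```python
import re
from collections import defaultdict

# Constructed sample in services-file format: name port/proto # comment
SAMPLE = """\
# constructed sample, not taken from either real file
ftp          21/tcp
netbios-ns   137/tcp   # netbios name service
netbios-ns   137/udp   # netbios name service
x11          6000/tcp
x11          6001/tcp
x11          6002/tcp
x11          6000/udp
x11          6001/udp
swx          7300/tcp
"""
ENTRY = re.compile(r"^(\S+)\s+(\d+)/(tcp|udp)\b")

def parse_services(text):
    """Return (name, port, proto) tuples, skipping comments and blank lines."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.split("#", 1)[0].strip())
        if m:
            entries.append((m.group(1), int(m.group(2)), m.group(3)))
    return entries

def dual_transport(entries):
    """(name, port) pairs that carry the same name on both tcp and udp."""
    protos = defaultdict(set)
    for name, port, proto in entries:
        protos[(name, port)].add(proto)
    return sorted(k for k, v in protos.items() if v == {"tcp", "udp"})

def ranges(entries, min_len=3):
    """Runs of consecutive ports with one name and protocol:
    (name, proto, first, last, count), for runs of at least min_len."""
    ports = defaultdict(set)
    for name, port, proto in entries:
        ports[(name, proto)].add(port)
    found = []
    for (name, proto), pset in sorted(ports.items()):
        plist = sorted(pset)
        start = prev = plist[0]
        for p in plist[1:] + [None]:      # None flushes the final run
            if p is not None and p == prev + 1:
                prev = p
                continue
            if prev - start + 1 >= min_len:
                found.append((name, proto, start, prev, prev - start + 1))
            start = prev = p
    return found
```

Entries reported by `dual_transport` are candidates for review, not errors: whether a given service really uses both transports still has to be checked per service.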