Re: Nmap 2.30BETA20 Released

[Jeffrey Paul <sneak () datavibe net>]

Max Vision wrote:
[snip]

> Since I'm addressing problems - another issue is that most port lists
> (including the IANA assignments) list identifiers that are somewhat
> useless in the real world.  For example all of those ports with entries
> for both TCP and UDP.  Most services don't use both transports.  For
> example if you are scanning and see an open TCP port 137 - it's *not* the
> netbios name service.  There are a ton of port identifiers like this that
> might actually just slow down ligitimate auditing, or in some cases
> confuse/mislead administrators who don't know any better..
>
> For the benefit of less experienced netmapers, I would prefer to see
>  netbios-ns         137/tcp           # netbios name service
> be replaced by
>  UNKNOWN            137/tcp           # daemon on priveledged port!@#$
> and other appropriate accuracies.

This kind of defeats the purpose.

> Another option is to remove those entries, but I generally prefer to see
> as much detail about the remote host as possible, as there are often
> "rogue" daemons listening on ports one wouldn't expect - in particular
> ftpd and httpd are sometimes bound in strange places by their owners.

Well this is to be expected, and it's not the fault of the services 
file that people move things around...  nmap displays both the port 
and the service from the file for a reason... remember, the service 
is just a lookup in the table of the port, not any test of what's 
actually running.  I could run echo on 21, 22, 23, 25, 53, 80 and 110 
and nmap would tell you I'm running a bunch of useful services.  As 
for administrators that get 'confuse[d]/mislead', well, there isn't 
much that can be done for them in a situation like this, short of 
proper training and pointers to useful information in docs....

My point is that the service file is merely a suggestion, and if it's 
overkill or vague it's better than an integer staring you in the 
face.  If you think it's worse, then you need to ignore the 'Service' 
column:)

As for putting 'UNKNOWN' in a services file, it seems totally backwards imho.

[snip]
--

--------------------------------------------------
sneak () datavibe net        -             0xCD91A427
9907 3747 3CE9 11C5 2B1C  F141 D09F 488C CD91 A427
Note: key id 0x299450B6 is lost and inactive.
--------------------------------------------------
Copyright 2000 Jeffrey Paul.
The information contained in this message may be
privileged and confidential and protected from
disclosure.  If the reader of this message is not
the intended recipient, or an employee or agent
responsible for delivering this message to the
intended recipient, you are hereby notified that
any dissemination, distribution or copying of this
communication is strictly prohibited.  Thank you.