Nmap Announce mailing list archives
Re: Nmap 2.30BETA20 Released
From: Jeffrey Paul <sneak () datavibe net>
Date: Fri, 21 Apr 2000 14:55:17 -0400
Max Vision wrote: [snip]
> Since I'm addressing problems - another issue is that most port lists (including the IANA assignments) list identifiers that are somewhat useless in the real world. For example all of those ports with entries for both TCP and UDP. Most services don't use both transports. For example if you are scanning and see an open TCP port 137 - it's *not* the netbios name service. There are a ton of port identifiers like this that might actually just slow down legitimate auditing, or in some cases confuse/mislead administrators who don't know any better.. For the benefit of less experienced netmapers, I would prefer to see
>
> netbios-ns 137/tcp # netbios name service
>
> be replaced by
>
> UNKNOWN 137/tcp # daemon on privileged port!@#$
>
> and other appropriate accuracies.
This kind of defeats the purpose.
> Another option is to remove those entries, but I generally prefer to see as much detail about the remote host as possible, as there are often "rogue" daemons listening on ports one wouldn't expect - in particular ftpd and httpd are sometimes bound in strange places by their owners.
Well this is to be expected, and it's not the fault of the services file that people move things around... nmap displays both the port and the service from the file for a reason... remember, the service is just a lookup in the table of the port, not any test of what's actually running. I could run echo on 21, 22, 23, 25, 53, 80 and 110 and nmap would tell you I'm running a bunch of useful services. As for administrators that get 'confuse[d]/mislead', well, there isn't much that can be done for them in a situation like this, short of proper training and pointers to useful information in docs....
My point is that the service file is merely a suggestion, and if it's overkill or vague it's better than an integer staring you in the face. If you think it's worse, then you need to ignore the 'Service' column:)
As for putting 'UNKNOWN' in a services file, it seems totally backwards imho.

[snip]

--
--------------------------------------------------
sneak () datavibe net - 0xCD91A427
9907 3747 3CE9 11C5 2B1C F141 D09F 488C CD91 A427
Note: key id 0x299450B6 is lost and inactive.
--------------------------------------------------
Copyright 2000 Jeffrey Paul. The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. Thank you.
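Added example, not part of the original message and not Nmap's own code: the "Service" column discussed above is a lookup keyed on port and protocol, so an auditor has to compare that label with what the listener actually sends. The services excerpt, the greeting patterns and the observed bytes below are all constructed for illustration.

```python
import re

# Constructed excerpt in services-file format (not copied from nmap-services).
SERVICES = """\
ftp         21/tcp   # File Transfer [Control]
ssh         22/tcp   # Secure Shell
pop3        110/tcp  # Post Office Protocol v3
netbios-ns  137/tcp  # NETBIOS Name Service
netbios-ns  137/udp  # NETBIOS Name Service
"""

# Assumed minimal checks: the first bytes each server protocol sends on connect.
GREETING = {
    "ftp": re.compile(rb"^220[ -]"),
    "ssh": re.compile(rb"^SSH-"),
    "pop3": re.compile(rb"^\+OK"),
}

def parse_services(text):
    """Build {(port, proto): name} from services-format lines."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop the trailing comment
        if len(fields) < 2 or "/" not in fields[1]:
            continue
        port, proto = fields[1].split("/", 1)
        table[(int(port), proto.lower())] = fields[0]
    return table

def label(table, port, proto):
    """What the 'Service' column reports: a table lookup, nothing more."""
    return table.get((port, proto), "unknown")

def assess(table, port, proto, first_bytes):
    """Compare the looked-up label with bytes seen from the listener."""
    name = label(table, port, proto)
    pattern = GREETING.get(name)
    if pattern is None:
        return name, "unverified"   # no greeting check known for this label
    if pattern.match(first_bytes):
        return name, "consistent"
    return name, "mismatch"         # label is wrong or the daemon is atypical

if __name__ == "__main__":
    table = parse_services(SERVICES)
    # Constructed observations: an echo daemon sends nothing until spoken to.
    seen = [(21, "tcp", b""), (22, "tcp", b"SSH-2.0-example\r\n"), (137, "tcp", b"")]
    for port, proto, data in seen:
        print(port, proto, *assess(table, port, proto, data))
```
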