Nmap Announce mailing list archives
Re: Nmap 2.30BETA20 Released
From: Andrew Brown <atatat () atatdot net>
Date: Fri, 21 Apr 2000 15:06:42 -0400
>> i'd also like to suggest that you distribute the "massive" services file that i've been maintaining for a year or so at http://www.graffiti.com/services as the nmap-services file.

> Not necessarily a good or desirable thing. Even with the not-so-complete nmap services file, I usually find it reporting on services that aren't really running, simply because they're above 1023, or because someone decided to run a non-"standard" service on a privileged port. In fact, I'd almost like to see all the services on non-privileged ports be removed from the services file nmap uses. At least all except 6660-6670, 8000, 8080, 12345, and other such common or critically important high ports.
scanning only ports below 1024 makes a certain amount of sense. scanning below 1024 and, "oh, just these few" is arrogant. maybe you are, but *most* people aren't running a chat server or web server on some non-standard ports. nmap could easily be changed to accept "-p priv" so that it would only scan privileged ports...
> Ideally nmap would have a module to verify each service it finds, so that (for example) an open port 443 wouldn't be reported as ssl / http if it isn't acting like a webserver.
verifying that port 25 is an smtp server is relatively easy, likewise with 21 being ftp control, 22 being an ssh server, and 23 being a telnet server. the daytime and time services are likewise very easy to detect since they just spew; they don't accept. verifying that port 443 is actually an https server is decidedly non-trivial, not the least of which is because it waits for the client to say something before dropping you. it would require at least a minimal ssl stack, and some crypto tools, neither of which belong in the world's best port scanner.

--
|-----< "CODE WARRIOR" >-----|
codewarrior () daemon org * "ah! i see you have the internet
twofsonet () graffiti com (Andrew Brown) that goes *ping*!"
andrew () crossbar com * "information is power -- share the wealth."
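Added example, not part of the original message and not nmap code: a sketch of the banner check discussed above, classifying a service from the first bytes it sends unprompted and reporting a port that stays silent (as an https server does) as unverified. The banners, host names and the `EXPECTED` table are constructed for illustration, and the matching rules are heuristic assumptions.

```python
import re
import struct

# Constructed first bytes a listener might send on connect (not real captures).
SAMPLES = {
    25: b"220 mail.example.test ESMTP ready\r\n",
    21: b"220 ftp.example.test FTP server ready\r\n",
    22: b"SSH-2.0-ExampleSSH_1.0\r\n",
    23: b"\xff\xfd\x18\xff\xfd\x20login: ",       # telnet option negotiation
    13: b"Fri Apr 21 15:06:42 2000\r\n",          # daytime just "spews" text
    37: struct.pack("!I", 3165332802),            # time: 32-bit seconds since 1900
    443: b"",                                     # waits for the client to speak
    8080: b"SSH-1.99-ExampleSSH_1.0\n",           # ssh on a non-standard port
}

# What a services file would claim for each port (assumed subset).
EXPECTED = {21: "ftp", 22: "ssh", 23: "telnet", 25: "smtp", 13: "daytime", 37: "time"}

def classify(banner: bytes) -> str:
    """Guess the protocol from an unsolicited banner alone."""
    if not banner:
        return "silent"
    if banner.startswith(b"SSH-"):
        return "ssh"
    # Telnet: IAC (0xFF) followed by WILL/WONT/DO/DONT (0xFB-0xFE).
    if len(banner) >= 3 and banner[0] == 0xFF and 0xFB <= banner[1] <= 0xFE:
        return "telnet"
    if len(banner) == 4:
        return "time"
    text = banner.decode("ascii", "replace")
    if re.match(r"220[ -]", text):                # smtp and ftp both greet with 220
        if re.search(r"\bE?SMTP\b", text, re.I):
            return "smtp"
        return "ftp" if re.search(r"\bFTP\b", text, re.I) else "unknown-220"
    if re.search(r"\d{1,2}:\d{2}:\d{2}", text):
        return "daytime"
    return "unknown"

def verify(port: int, banner: bytes) -> tuple:
    """Compare the observed protocol with the services-file guess."""
    found = classify(banner)
    if found == "silent":
        return found, "unverified"                # needs a client-first probe
    want = EXPECTED.get(port)
    if want is None:
        return found, "identified"
    return found, "confirmed" if want == found else "mismatch"

if __name__ == "__main__":
    for port, banner in sorted(SAMPLES.items()):
        print(port, *verify(port, banner))
```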