Nmap Announce mailing list archives

Re: Nmap 2.30BETA20 Released


From: Dragos Ruiu <dr () dursec com>
Date: Fri, 21 Apr 2000 13:25:35 -0700

On Fri, 21 Apr 2000, JUSTIN wrote:
Not necessarily a good or desirable thing.  Even with the not-so-complete
nmap services file, I usually find it reporting on services that aren't
really running, simply because they're above 1023, or because someone
decided to run a non-"standard" service on a privileged port.
...
Ideally nmap would have a module to verify each service it finds, so that
(for example) an open port 443 wouldn't be reported as ssl / http if it
isn't acting like a webserver.

Or even better... an identifier module that 
names the service by going through a decision tree
of stimulus/response criteria to id the service by
what it sends and responds to instead of port number.

I don't think we'll be able to rely on port numbers alone 
soon... if we even can now.

just another crazy ass idea.... :-)
--dr

-- 
dursec.com / kyx.net - we're from the future                      http://www.dursec.com
learn kanga-foo from security experts: CanSecWest - May 10-12 Vancouver 

Speakers: Ron Gula/NSW, Ken Williams/E&Y, Marty Roesch/Hiverworld,
 Fyodor/insecure.org, RainForestPuppy/wiretrip.net, Theo de Raadt/OpenBSD
   Lance Spitzner/Sun, Fyodor Yarochkin/KALUG, Max Vision/whitehats.com
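
The stimulus/response decision tree proposed in this message, sketched as an added example (not code from the post or from Nmap). The `talk` transport hook, the two probes, the match rules and the sample replies are constructed assumptions; the TLS-alert rule is a heuristic.

```python
import re

# Each tree level is (probe, rules). A rule that matches is a leaf (service name);
# if no rule matches, identification falls through to the next probe.
NULL_PROBE = b""                       # send nothing, just read the banner
HTTP_PROBE = b"GET / HTTP/1.0\r\n\r\n"

TREE = [
    (NULL_PROBE, [
        (rb"^SSH-\d\.\d+-", "ssh"),
        (rb"^220[ -].*\bE?SMTP\b", "smtp"),
        (rb"^220[ -].*FTP", "ftp"),
        (rb"^\+OK", "pop3"),
    ]),
    (HTTP_PROBE, [
        (rb"^HTTP/1\.[01] \d{3}", "http"),
        # Heuristic: a TLS alert record in reply to plaintext means an SSL/TLS listener.
        (rb"^\x15\x03[\x00-\x04]", "ssl"),
    ]),
]

def identify(talk):
    """Name a service by behaviour. talk(probe) is a hypothetical hook that
    opens a fresh connection, sends probe, and returns the reply bytes."""
    for probe, rules in TREE:
        response = talk(probe)
        for pattern, service in rules:
            if re.search(pattern, response, re.IGNORECASE | re.DOTALL):
                return service
    return "unknown"   # port is open, but nothing it said matched

def fake_service(replies):
    """Constructed stand-in for a listener: maps probe -> canned reply."""
    return lambda probe: replies.get(probe, b"")

# Constructed sample listeners (not captured traffic).
SSH_ON_443 = fake_service({NULL_PROBE: b"SSH-2.0-OpenSSH_8.9\r\n"})
WEB_ON_8080 = fake_service({HTTP_PROBE: b"HTTP/1.0 200 OK\r\nServer: demo\r\n\r\n"})
TLS_ON_443 = fake_service({HTTP_PROBE: b"\x15\x03\x01\x00\x02\x02\x46"})
SILENT = fake_service({})

if __name__ == "__main__":
    for name, svc in [("ssh-on-443", SSH_ON_443), ("web-on-8080", WEB_ON_8080),
                      ("tls-on-443", TLS_ON_443), ("silent", SILENT)]:
        print(name, "->", identify(svc))
```

The port number never enters `identify`, so an SSH daemon moved to 443 is reported as ssh, and a listener that answers no probe is reported as unknown instead of being named from a services file.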

