Nmap Announce mailing list archives
Re: Nmap 2.30BETA20 Released
From: Dragos Ruiu <dr () dursec com>
Date: Fri, 21 Apr 2000 13:25:35 -0700
On Fri, 21 Apr 2000, JUSTIN wrote:
Not necessarily a good or desireable thing. Even with the not-so-complete nmap services file, I usually find it reporting on services that aren't really running, simply because they're above 1023, or because someone decided to run a non-"standard" service on a privledged port.
...
Idealy nmap would have a module to verify each servce it finds, so that (for example) an open port 443 wouldn't be reported as ssl / http if it isn't acting like a websserver.
Or even better... an identifier module that names the service by going through a decision tree of stimulus/response criteria to id the service by what it sends and responds to instead of port number. I don't think we'll be able to rely on port numbers alone soon... if we even can now. just another crazy ass idea.... :-) --dr -- dursec.com / kyx.net - we're from the future http://www.dursec.com learn kanga-foo from security experts: CanSecWest - May 10-12 Vancouver Speakers: Ron Gula/NSW, Ken Williams/E&Y, Marty Roesch/Hiverworld, Fyodor/insecure.org, RainForestPuppy/wiretrip.net, Theo de Raadt/OpenBSD Lance Spitzner/Sun, Fyodor Yarochkin/KALUG, Max Vision/whitehats.com
Current thread:
- Nmap 2.30BETA20 Released Fyodor (Apr 10)
- Re: Nmap 2.30BETA20 Released nmap-hackers (Apr 13)
- Re: Nmap 2.30BETA20 Released Andrew Brown (Apr 20)
- Re: Nmap 2.30BETA20 Released Max Vision (Apr 21)
- Re: Nmap 2.30BETA20 Released Jeffrey Paul (Apr 21)
- Re: Nmap 2.30BETA20 Released Max Vision (Apr 21)
- Re: Nmap 2.30BETA20 Released Andrew Brown (Apr 21)
- Re: Nmap 2.30BETA20 Released Max Vision (Apr 21)
- Re: Nmap 2.30BETA20 Released Justin (Apr 21)
- Re: Nmap 2.30BETA20 Released Andrew Brown (Apr 21)
- Re: Nmap 2.30BETA20 Released Dragos Ruiu (Apr 21)
- Re: Nmap 2.30BETA20 Released Fyodor (Apr 22)
- <Possible follow-ups>
- Re: Nmap 2.30BETA20 Released Alek O. Komarnitsky (N-CSC) (Apr 21)