Nmap Development mailing list archives

Re: Harnessing Service Discovery


From: David Fifield <david () bamsoftware com>
Date: Wed, 26 Nov 2008 16:05:25 -0700

On Mon, Nov 24, 2008 at 08:18:19PM +0200, Toni Ruottu wrote:
> The technologies can also be combined to improve port scanners. Port
> scanners can use service discovery as a source of information regarding
> open ports. In some cases a port scanner could avoid sending any
> packages, if a discovery service already revealed enough information
> regarding the interesting ports.
>
> Service discovery can also be used to get a list of target hosts/ports
> to scan. In a local network, port scanning the advertised hosts could be
> used to verify that the services are actually running, while in a
> foreign network, the advertisements might reveal interesting nodes to
> scan (or honey pots used for port scan detection!).
>
> ------------------------------------------------------------------------
>
> To get my hands dirty on the subject, I wrote a simple script which uses
> the Avahi Bonjour implementation to produce an Nmap-compatible XML file that
> can be opened in Zenmap for inspection. I have attached the script to
> this email for your convenience, but I also created a Bazaar repository
> on Launchpad.net for those of you who'd prefer getting a branch instead.

Hi Toni. This is a neat idea. I checked out your branch and ran the
program. There's a Mac OS X host on the local LAN. I attached the
resulting bonmap-david.xml.

It found ports 22 and 5900 on the Mac, but missed 88 which was also
open. The local host is not running any kind of Zeroconf but port 9 on
localhost was marked up, which it is not. (I noticed the output doesn't
differentiate TCP and UDP ports. Is that information available?)

This technique of an external program generating Nmap XML can be very
powerful when combined with Zenmap's scan aggregation. You could do a
normal port scan and then supplement the results by loading a Bonmap
file.

This is an interesting area of study. I admit to being almost totally
ignorant about Zeroconf/Bonjour/Avahi, but networks are changing all the
time so we'll need tools to deal with all the new developments.

David Fifield

Attachment: bonmap-david.xml

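The following is an added example, not Toni's bonmap script or anything from the Nmap project: a small converter that turns DNS-SD/Avahi service advertisements into Nmap-style XML of the kind Zenmap can load and aggregate with a real scan. It is written to show one point raised above: the transport protocol is available in the advertisement itself, because every DNS-SD service type ends in `_tcp` or `_udp`, so the generated `<port>` elements can carry `protocol="tcp"` or `protocol="udp"` instead of leaving them indistinguishable. The input lines are a constructed sample shaped like resolved (`=`) records from `avahi-browse -rtp`; the exact field layout of that output, the `reason="advertised"` label (not a real Nmap reason string) and the minimal set of `nmaprun` attributes are assumptions, not something the thread states.

```python
"""Convert DNS-SD/Avahi service advertisements into Nmap-style XML.

Added example (not the bonmap script from the thread). The _tcp/_udp
suffix of a DNS-SD service type identifies the transport, so each
<port> element gets the correct protocol attribute. Input lines follow
the general shape of `avahi-browse -rtp` resolved records (';'-separated;
field layout assumed); the sample below is constructed, not captured.
"""
import time
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample shaped like avahi-browse -rtp output. The '+' line is an
# unresolved browse event (no address/port yet) and must be ignored.
SAMPLE = """\
=;eth0;IPv4;mac-mini;_ssh._tcp;local;mac-mini.local;192.168.1.20;22;
=;eth0;IPv4;mac-mini;_rfb._tcp;local;mac-mini.local;192.168.1.20;5900;
=;eth0;IPv4;mac-mini;_kerberos._udp;local;mac-mini.local;192.168.1.20;88;
+;eth0;IPv4;printer;_ipp._tcp;local
=;eth0;IPv4;printer;_ipp._tcp;local;printer.local;192.168.1.30;631;
"""


def parse_records(text):
    """Yield (hostname, address, proto, port, service) for resolved records.

    Only '=' records carry hostname/address/port; anything else is skipped.
    The protocol comes from the service type suffix (_tcp or _udp).
    """
    for line in text.splitlines():
        fields = line.split(";")
        if fields[0] != "=" or len(fields) < 9:
            continue
        stype = fields[4]                          # e.g. "_ssh._tcp"
        base, _, transport = stype.rpartition(".")  # ("_ssh", ".", "_tcp")
        proto = transport.lstrip("_")
        if proto not in ("tcp", "udp"):
            continue
        yield fields[6], fields[7], proto, int(fields[8]), base.lstrip("_")


def build_nmap_xml(text):
    """Group advertisements by address and return an <nmaprun> element."""
    hosts = defaultdict(lambda: {"name": None, "ports": {}})
    for name, addr, proto, port, svc in parse_records(text):
        hosts[addr]["name"] = name
        hosts[addr]["ports"][(proto, port)] = svc

    now = str(int(time.time()))
    # Attribute set assumed to be the minimum a Zenmap-style parser expects.
    run = ET.Element("nmaprun", scanner="dns-sd-to-xml", args="dns-sd-to-xml",
                     start=now, version="0.1", xmloutputversion="1.04")
    for addr, info in sorted(hosts.items()):
        host = ET.SubElement(run, "host")
        # "advertised" is our own label: the host was seen via DNS-SD, not probed.
        ET.SubElement(host, "status", state="up", reason="advertised")
        ET.SubElement(host, "address", addr=addr, addrtype="ipv4")
        hn = ET.SubElement(host, "hostnames")
        ET.SubElement(hn, "hostname", name=info["name"], type="user")
        ports = ET.SubElement(host, "ports")
        for (proto, port), svc in sorted(info["ports"].items()):
            p = ET.SubElement(ports, "port", protocol=proto, portid=str(port))
            # Advertised ports are reported as open; a real scan should confirm.
            ET.SubElement(p, "state", state="open", reason="advertised",
                          reason_ttl="0")
            ET.SubElement(p, "service", name=svc, method="table", conf="3")
    stats = ET.SubElement(run, "runstats")
    ET.SubElement(stats, "finished", time=now, elapsed="0")
    ET.SubElement(stats, "hosts", up=str(len(hosts)), down="0",
                  total=str(len(hosts)))
    return run


def open_ports(text):
    """Summarise the generated XML as {addr: [(proto, port), ...]}."""
    root = build_nmap_xml(text)
    summary = {}
    for host in root.findall("host"):
        addr = host.find("address").get("addr")
        summary[addr] = sorted((p.get("protocol"), int(p.get("portid")))
                               for p in host.iter("port"))
    return summary


if __name__ == "__main__":
    print(ET.tostring(build_nmap_xml(SAMPLE), encoding="unicode"))
```

Run it and redirect the output to a file, then open that file in Zenmap alongside a normal scan of the same hosts; the aggregated view makes it easy to spot advertised ports that the scan did not confirm (stale or spoofed advertisements) and open ports that were never advertised.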
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
