Nmap Development mailing list archives
Re: Question on --version-intensity and -sR interaction
From: Daniel Miller <bonsaiviking () gmail com>
Date: Fri, 4 Mar 2011 18:12:40 -0600
On Fri, Mar 4, 2011 at 4:55 PM, Fyodor <fyodor () insecure org> wrote:
> When service detection is enabled, RPC scan (-sR) only runs against ports which were determined (by service detection) to be "rpcbind". This can only happen in response to three probes: tcp "RPCCheck", tcp "NotesRPC", or udp "RPCCheck".

Maybe this is just a documentation issue, then. The man page says

"""
It takes all the TCP/UDP ports found open and floods them with SunRPC program NULL commands in an attempt to determine whether they are RPC ports, and if so, what program and version number they serve up. Thus you can effectively obtain the same info as rpcinfo -p even if the target's portmapper is behind a firewall (or protected by TCP wrappers)
"""

which seems to contradict what you said about only if they are detected as "rpcbind."

> In addition to the RPC scan, version detection can enable the version detection category of NSE scripts.

If someone wanted to prevent this step, could they not use --script "not all"?

> Does the "rpcbind" limitation resolve your issue, or is RPC scan still likely to present a problem?

This probably solves it. I'll have to do some testing to be sure. If that is the case, then the man page

> Have you also limited the probes in the file, or are you using the file as is?
I'm using the file as-is. The services I've crashed before have IIRC been running on ports without specific probes assigned.

Dan
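
The interaction discussed in this message can be checked against a probe file before scanning fragile hosts. The sketch below is an added example, not part of the original message or of Nmap's code: the probe excerpt is constructed (its rarity, ports and match values are illustrative), and it assumes the documented rule that a probe is sent when its rarity is at most the --version-intensity value or when the target port appears in its ports directive.

```python
# Constructed excerpt in nmap-service-probes syntax; values are illustrative,
# not copied from the file shipped with Nmap.
SAMPLE = r"""
Probe TCP GenericLines q|\r\n\r\n|
rarity 1
match smtp m|^220 .*SMTP|
Probe TCP RPCCheck q|\x80\0\0\x28|
rarity 4
ports 111,2049,32770-32780
match rpcbind m|^\x80\0\0|
Probe TCP NotesRPC q|\x3a\0\0\0|
rarity 8
ports 130
match rpcbind m|^\x80\0\0|
match lotusnotes m|^\x84\0\0|
Probe UDP RPCCheck q|\x72\xfe\x1d\x13|
rarity 1
ports 111
match rpcbind m|^\x72\xfe|
"""

def expand_ports(spec):
    """Turn '111,32770-32780' into a set of port numbers."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def parse_probes(text):
    """Collect protocol, name, rarity, ports and matchable services per probe."""
    probes = []
    for line in text.splitlines():
        word, _, rest = line.partition(" ")
        if word == "Probe":
            proto, name = rest.split()[:2]
            # rarity 5 is an assumed default for probes without a rarity line
            probes.append({"proto": proto, "name": name, "rarity": 5,
                           "ports": set(), "services": set()})
        elif not probes:
            continue
        elif word == "rarity":
            probes[-1]["rarity"] = int(rest)
        elif word == "ports":
            probes[-1]["ports"] |= expand_ports(rest)
        elif word in ("match", "softmatch"):
            probes[-1]["services"].add(rest.split()[0])
    return probes

def rpcbind_probes(probes, proto, port, intensity):
    """Probes able to label this port 'rpcbind' that would be sent (fallbacks ignored)."""
    return [p["name"] for p in probes
            if p["proto"] == proto and "rpcbind" in p["services"]
            and (p["rarity"] <= intensity or port in p["ports"])]

PROBES = parse_probes(SAMPLE)
```

With this sample, a TCP port that no ports directive lists gets no rpcbind-capable probe at intensity 0, so under the behaviour described above -sR would have nothing to act on there.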