Re: [PEN-TEST] Database of service output

["Randall, Mark (ISSCalifornia)" <MRandall () ISS NET>]

I don't know about a database, but Nessus does exactly what you describe.
It doesn't report services simply because of a connection to a port that is
part of the IANA standards.  It actually probes the running services.  They
call it "Smart service recognition" and have used it as one of the selling
points for Nessus for quite some time.

http://www.nessus.org/features.html

Again, I don't know about an actual database...but nessus is open source, so
you can certainly see how they're doing it.




> -----Original Message-----
> From: Dave Cowen [mailto:dcowen () ENSTAR COM]
> Sent: Thursday, December 07, 2000 11:59 AM
> To: PEN-TEST () SECURITYFOCUS COM
> Subject: [PEN-TEST] Database of service output
>
>
> Hi,
>     We are working on a project to modify popular scanners to detect
> services by their service output <if available> rather than
> trusting their
> port assignment.
> Do any of you know of such a database or list that exists
> today or would be
> willing to contribute to this project that will be given as
> an open source
> resource, first through
> SARA and then nmap. We believe that this tool will greatly
> reduce our time
> if having to check each port after a scan to verify the
> service listed is
> the service running.
>
> Thanks in advance,
> Dave Cowen, CISSP
> Security Services Manager
> Enstar
> http://www.enstar.com
> Tel: 972-929-5267
> Fax: 972-915-6969
> Email: dcowen () enstar com