Home page logo

Nmap Announce mailing list archives

Re: Nmap 2.30BETA20 Released
From: Dragos Ruiu <dr () dursec com>
Date: Fri, 21 Apr 2000 13:25:35 -0700

On Fri, 21 Apr 2000, JUSTIN wrote:
Not necessarily a good or desireable thing.  Even with the not-so-complete
nmap services file, I usually find it reporting on services that aren't
really running, simply because they're above 1023, or because someone
decided to run a non-"standard" service on a privledged port.  
Idealy nmap would have a module to verify each servce it finds, so that
(for example) an open port 443 wouldn't be reported as ssl / http if it
isn't acting like a websserver.

Or even better... an identifier module that 
names the service by going through a decision tree
of stimulus/response criteria to id the service by
what it sends and responds to instead of port number.

I don't think we'll be able to rely on port numbers alone 
soon... if we even can now.

just another crazy ass idea.... :-)

dursec.com / kyx.net - we're from the future                      http://www.dursec.com
learn kanga-foo from security experts: CanSecWest - May 10-12 Vancouver 

Speakers: Ron Gula/NSW, Ken Williams/E&Y, Marty Roesch/Hiverworld,
 Fyodor/insecure.org, RainForestPuppy/wiretrip.net, Theo de Raadt/OpenBSD
   Lance Spitzner/Sun, Fyodor Yarochkin/KALUG, Max Vision/whitehats.com

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]