mailing list archives
Re: Nmap 2.30BETA20 Released
From: Dragos Ruiu <dr () dursec com>
Date: Fri, 21 Apr 2000 13:25:35 -0700
On Fri, 21 Apr 2000, JUSTIN wrote:
Not necessarily a good or desireable thing. Even with the not-so-complete
nmap services file, I usually find it reporting on services that aren't
really running, simply because they're above 1023, or because someone
decided to run a non-"standard" service on a privledged port.
Idealy nmap would have a module to verify each servce it finds, so that
(for example) an open port 443 wouldn't be reported as ssl / http if it
isn't acting like a websserver.
Or even better... an identifier module that
names the service by going through a decision tree
of stimulus/response criteria to id the service by
what it sends and responds to instead of port number.
I don't think we'll be able to rely on port numbers alone
soon... if we even can now.
just another crazy ass idea.... :-)
dursec.com / kyx.net - we're from the future http://www.dursec.com
learn kanga-foo from security experts: CanSecWest - May 10-12 Vancouver
Speakers: Ron Gula/NSW, Ken Williams/E&Y, Marty Roesch/Hiverworld,
Fyodor/insecure.org, RainForestPuppy/wiretrip.net, Theo de Raadt/OpenBSD
Lance Spitzner/Sun, Fyodor Yarochkin/KALUG, Max Vision/whitehats.com