From: Andrew Brown <atatat () atatdot net>
Subject: Re: Nmap 2.30BETA20 Released
To: Justin <jguyett () andrew cmu edu>
Cc: nmap-hackers () insecure org
Ideally nmap would have a module to verify each service it finds, so that
(for example) an open port 443 wouldn't be reported as ssl / http if it
isn't acting like a webserver.
verifying that port 25 is an smtp server is relatively easy, likewise
with 21 being ftp control, 22 being an ssh server, and 23 being a
telnet server. the daytime and time services are likewise very easy
to detect since they just spew; they don't accept.
verifying that port 443 is actually an https server is decidedly
non-trivial, not the least of which is because it waits for the client
to say something before dropping you. it would require at least a
minimal ssl stack, and some crypto tools, neither of which belong in
the world's best port scanner.
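
The distinction drawn above, between services that speak first and ones that wait for the client, sketched as an added example (not part of the original message and not nmap code). The function names, the SMTP/FTP heuristic and the sample banners are assumptions made up for illustration.

```python
import socket
import struct

def grab_banner(host, port, timeout=3.0, limit=256):
    """Connect, send nothing, and return whatever the server volunteers."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        try:
            return s.recv(limit)
        except socket.timeout:
            return b""  # server is waiting for the client to speak first

def verify_service(expected, banner):
    """Compare a passively read banner with the service expected on the port."""
    if not banner:
        return "silent"  # nothing to judge without speaking the protocol
    text = banner.decode("ascii", "replace").upper()
    if expected == "ssh":
        ok = text.startswith("SSH-")
    elif expected == "smtp":
        # Heuristic: SMTP and FTP both greet with 220; look for the word SMTP.
        ok = text.startswith("220") and "SMTP" in text
    elif expected == "ftp":
        ok = text.startswith("220") and "SMTP" not in text
    elif expected == "telnet":
        ok = banner[0] == 0xFF  # IAC byte opens telnet option negotiation
    elif expected == "time":
        # RFC 868: one 32-bit count of seconds since 1900; require post-1970.
        ok = len(banner) == 4 and struct.unpack("!I", banner)[0] > 2208988800
    elif expected == "daytime":
        ok = all(32 <= b < 127 or b in (10, 13) for b in banner)
    else:
        return "unknown"
    return "verified" if ok else "mismatch"

# Constructed sample banners (not captured from any real host).
SAMPLES = [
    ("ssh", b"SSH-2.0-OpenSSH_8.9\r\n"),
    ("smtp", b"220 mail.example.com ESMTP\r\n"),
    ("ftp", b"220 FTP server ready\r\n"),
    ("telnet", b"\xff\xfd\x18\xff\xfd\x20"),
    ("daytime", b"Mon Jan  1 00:00:00 2001\r\n"),
    ("time", struct.pack("!I", 3187296000)),
    ("https", b""),  # an https server sends nothing until the client does
]

def run_samples():
    """Classify every constructed sample; returns (service, verdict) pairs."""
    return [(svc, verify_service(svc, data)) for svc, data in SAMPLES]
```

A "silent" verdict is the port 443 case from the message: the passive read tells you nothing, and going further means speaking TLS.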