Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Question on --version-intensity and -sR interaction
From: Daniel Miller <bonsaiviking () gmail com>
Date: Fri, 4 Mar 2011 11:37:44 -0600

Hey list,

The nmap man page states that RPC scan (-sR) is "automatically enabled
as part of version scan (-sV) if you request that." The
--version-intensity option lets you choose how unusual the probes are
that get sent to each port that is found open. As I read it, there are
3 possibilities:
1. RPC scan is conducted every time -sV is used, regardless of
--version-intensity
2. RPC scan is not conducted if --version-intensity is specified
3. RPC scan is conducted for --version-intensity values above some
level (e.g. 7 or higher)
Since I have run into custom services that crash on certain probes, I
would like a way to guarantee that only the explicit probes for each
port are run, and no RPC scan. I thought this would be the way to do
it:
nmap -sV --version-intensity 0 example.com
But I am no longer sure. Any ideas?

Dan
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault