Home page logo

nmap-dev logo Nmap Development mailing list archives

Question on --version-intensity and -sR interaction
From: Daniel Miller <bonsaiviking () gmail com>
Date: Fri, 4 Mar 2011 11:37:44 -0600

Hey list,

The nmap man page states that RPC scan (-sR) is "automatically enabled
as part of version scan (-sV) if you request that." The
--version-intensity option lets you choose how unusual the probes are
that get sent to each port that is found open. As I read it, there are
3 possibilities:
1. RPC scan is conducted every time -sV is used, regardless of
2. RPC scan is not conducted if --version-intensity is specified
3. RPC scan is conducted for --version-intensity values above some
level (e.g. 7 or higher)
Since I have run into custom services that crash on certain probes, I
would like a way to guarantee that only the explicit probes for each
port are run, and no RPC scan. I thought this would be the way to do
nmap -sV --version-intensity 0 example.com
But I am no longer sure. Any ideas?

Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]