Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: Nmap/netwag problem.
From: Kaj Huisman <kaj.huisman () gmail com>
Date: Wed, 10 Aug 2005 23:55:31 +0200

Pete Herzog wrote:
Kaj,


Anyway. a 'full connect' scan (one that performs the complete three-way
handshake will _always_ (?) be the most reliable.
My sugeestion is to perform either a nmap connect scan on the ports from
both results or to manually telnet to the ports and see the response.


I have to disagree with you here.  A full connect scan is not the most
reliable.  There are many security defensive processes now which require
proper protocol queries to provide a response- I see this very often
with web ports.  If you send anything other than a http request, you
will not see a service behind the web port.

Uhm, before _any_ data gets sent a full tcp handshake has takes place.
Thus a full connect scan will reliably report a port open if it is.You
From the nmap man:
If the port is listening, connect() will succeed, otherwise the port isn't reachable.


------------------------------------------------------------------------------
FREE WHITE PAPER - Wireless LAN Security: What Hackers Know That You Don't

Learn the hacker's secrets that compromise wireless LANs. Secure your
WLAN by understanding these threats, available hacking tools and proven
countermeasures. Defend your WLAN against man-in-the-Middle attacks and
session hijacking, denial-of-service, rogue access points, identity
thefts and MAC spoofing. Request your complimentary white paper at:

http://www.securityfocus.com/sponsor/AirDefense_pen-test_050801
-------------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault