Information Security News mailing list archives

Re: Nmap Version Detection Rocks


From: InfoSec News <isn () c4i org>
Date: Tue, 14 Oct 2003 07:23:03 -0500 (CDT)

Forwarded from: Dragos Ruiu <dr () kyx net>


Nmap Version Detection Rocks
By Brian Hatch

Summary: The newest version of Nmap can fingerprint the protocol and
software versions that it discovers, giving you a more accurate
picture of your network.

Nmap-3.45 and later have the ability to test out open ports and
discover what version of software is running. The older versions
could only tell you what port was open, and what that port is
traditionally used for. While this is a good start, it is common for
people to run services on non-standard ports for a variety of
reasons:

Just a nit, but the -sV scan was first available in nmap 2.53, not
3.45. Up until 3.45 it was a secondary patch that needed to be
applied.

Not to denigrate all the incredibly cool work/improvements Fyodor has
made on fingerprints in the latest versions, but... Jay (saurik)
Freeman's nmap+V banner grab patch has been around since April 2000,
a.k.a. Nmap 2.53.  -sV scans have been a staple for some security
people for quite a while.

I think I first heard about it at Fyodor's CanSecWest/core00
presentation. Nmap 2.53+V was on the conference CD.

It has just finally been recoded into C from C++ and put in the main
distribution. It has been improved a little and, yes, it is still cool.

Thank you, Fyodor, for all the improvements, and Jay for the original
prototype.

cheers,
--dr

-- 
Top security experts.  Cutting edge tools, techniques and information.
Tokyo, Japan   November, 2003   http://www.pacsec.jp
pgpkey http://dragos.com/ kyxpgp



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.

