Re: Nmap Version Detection Rocks

[InfoSec News <isn () c4i org>]

Forwarded from: Fyodor <fyodor () insecure org>

On Tue, Oct 14, 2003 at 07:23:03AM -0500, InfoSec News wrote:
> Forwarded from: Dragos Ruiu <dr () kyx net>
> [...] 
> Just a nit, but the -sV scan was first available in nmap 2.53 not
> 3.45. Up until 3.45 it was a secondary patch that needed to be
> applied.
>
> [...]
>
> It has just been finally recoded into c from c++ and put in the main
> distribution. It has been improved a little and yes it is still cool.

Actually these are two completely separate projects for adding version
detection to Nmap.  As you mentioned, Saurik's +V patch has been
available for years and has proven itself quite useful on many
occasions.  It is probably the most popular external Nmap patch ever -
mad props to Saurik!  Yet I never added it to Nmap due to concerns
about performance and maintainability.  In addition to desiring
parallelism and discreet signatures, I wanted to add support for UDP,
IPv6, and cool features such as SSL-scanthrough.  So I wrote the Nmap
version detection engine (and the signature database) from scratch. 
My paper describing the system is available at
http://www.insecure.org/nmap/versionscan.html .

Cheers,
Fyodor
http://www.insecure.org



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.