Nmap Development mailing list archives

Re: Nessus's Nmap competitor

From: Arturo 'Buanzo' Busleiman <buanzo () buanzo com ar>
Date: Tue, 02 Sep 2008 23:18:23 -0300

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

DePriest, Jason R. wrote:

Sorry to hijack, but I had questions about this idea.


More than welcome!

How useful is port grouping based fingerprinting for something other
than Windows?


I wished I had saved logs for this, but I had a situation with two linux servers, different kernel
versions/distros. The NAT was a linux machine with services, and other ports were forwaded to
another machine. Port grouping helped narrow down the possibilities to almost exact matchings.

The available ports for other OSes are pretty dynamic and depend
almost entirely on what applications the end-user decides to install.


Yes.

Also since getting rid of native NetBIOS, the only port you'll always
find for Windows is 445.


Also true.

I'm asking because I've always thought this was a good idea, too.  We
need to take into account the combination of ports open on a host and
not just what the individual ports have to say.


Yes, I agree. But it's also true this is scenario-based. Trial and error. In Nmap I want a tool that
will assist me in applying different scanning techniques to determine what the scenario is. Even bad
info can be good info, but so far, QSCAN gives me more info... which, is, crc-error here, good :)

I'd hoped someone with more skills would build a host NSE script for it.


Yeah, me too. I lost my mojo!


- --
Arturo "Buanzo" Busleiman
Independent Linux and Security Consultant - SANS - OISSG - OWASP
http://www.buanzo.com.ar/pro/eng.html
Mailing List Archives at http://archiver.mailfighter.net
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFIvfPvAlpOsGhXcE0RCstxAKCCIWg7DjlTRdC8rDbfAeyPjOmu0wCeL1Of
uG7VOYQgaCUCwDZ5zT5Hh4w=
=Isam
-----END PGP SIGNATURE-----

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

Current thread:

Nessus's Nmap competitor Fyodor (Sep 02)
- RE: Nessus's Nmap competitor Andrew J. Sledge (Sep 02)
- Re: Nessus's Nmap competitor Arturo 'Buanzo' Busleiman (Sep 02)
  - Re: Nessus's Nmap competitor DePriest, Jason R. (Sep 02)
    - Re: Nessus's Nmap competitor Arturo 'Buanzo' Busleiman (Sep 02)
    - Re: Nessus's Nmap competitor doug (Sep 03)