
Nmap Development mailing list archives
Re: studies/papers/etc. on getting best results w. nmap?
From: David Fifield <david () bamsoftware com>
Date: Wed, 5 Sep 2012 16:27:06 -0700
On Mon, Sep 03, 2012 at 03:02:16PM -0700, ^..^ wrote:
> As a test I've started assigning weights to various results (e.g. closed is more closed than filtered), and it's showing at least some promise. 1) Any references on whether closed (or other results) are more open/closed than all the various outputs you can get - e.g. filtered, close|filtered, etcetera.
I don't think that you can rank the various states as more or less closed in general. A TCP port that is "filtered" may be so because there is no server behind, and it is additionally protected by a firewall--you might consider this "more closed" than "closed". But it also may be that there is a server listening on that port, with only a firewall to prevent connections--this is "less closed" than "closed" because the service will become open if there is ever a firewall SNAFU. Likewise, a UDP port being "open|filtered" may be because there is no application listening--"more closed" than "closed"--or because there is an application actively listening but Nmap doesn't yet have a UDP payload that provokes a response from it--"less closed" than "closed".
> 3) Purely based on my own tests over the years I believe pretty strongly that I get different results when scanning from different OS's (e.g. scanning from Linux vs. OS X, with all other factors taken under consideration), and some scans are faster - at times substantially so - on one vs. the other. Are some OS's (and/or versions within, aka 64 vs. 32 bit, or using different compilers, having more memory, whatever) seen as better nmap scanners than others?
Windows is not as nice as others, because of raw socket limitations (you can only scan over Ethernet devices) and the inability to SYN scan localhost. Linux and Windows get the most testing and other platforms are more likely to break with exotic configurations.

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
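The reply's point is that "filtered" and "open|filtered" each hide two opposite possibilities, so a single open-to-closed weight cannot represent them honestly. The following script is an added example (not code from the thread or from the Nmap project) showing how a practitioner can act on that: it parses Nmap's grepable (-oG) output and sorts each port into a conclusive bucket (open, closed) or a follow-up bucket that records which two outcomes the ambiguous state may conceal. The hosts, ports and scan lines are constructed for the example; the mapping of each ambiguous state to its two possible meanings follows the reasoning in the reply, and the "unfiltered" entry is an assumption added for completeness.

```python
"""Group Nmap grepable (-oG) port results by state without ranking them.

Added example, not part of the mailing-list thread. The sample scan
output below is constructed and does not describe any real host.
"""
from collections import defaultdict

# Constructed -oG lines; addresses come from the documentation range 192.0.2.0/24.
# Grepable records are tab-separated fields; each port entry is
# port/state/protocol/owner/service/rpcinfo/version.
SAMPLE_GREPABLE = """\
# Nmap scan initiated (constructed sample)
Host: 192.0.2.10 ()\tStatus: Up
Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, 25/closed/tcp//smtp///, 443/filtered/tcp//https///, 53/open|filtered/udp//domain///, 123/open|filtered/udp//ntp///\tIgnored State: closed (995)
Host: 192.0.2.11 ()\tPorts: 80/open/tcp//http///, 8080/closed|filtered/tcp//http-proxy///\tIgnored State: filtered (998)
"""

# States Nmap can report conclusively.
DEFINITE = {"open", "closed"}

# Ambiguous states mapped to the two outcomes each may conceal. The first
# three pairs restate the reply's argument; "unfiltered" (ACK scan) is an
# assumption added here: the port is reachable but openness is unknown.
AMBIGUOUS = {
    "filtered": ("no listener behind a firewall",
                 "listener shielded only by a firewall"),
    "open|filtered": ("no listener",
                      "listener that ignored the probe payload"),
    "closed|filtered": ("closed", "filtered"),
    "unfiltered": ("open", "closed"),
}


def parse_grepable(text):
    """Yield (host, port, proto, state, service) tuples from -oG output."""
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue
        fields = line.split("\t")
        host = fields[0].split()[1]
        for field in fields[1:]:
            if not field.startswith("Ports:"):
                continue  # e.g. "Status: Up" or "Ignored State: ..."
            for entry in field[len("Ports:"):].split(","):
                parts = entry.strip().split("/")
                if len(parts) < 5:
                    continue
                port, state, proto, _owner, service = parts[:5]
                yield host, int(port), proto, state, service


def summarize(text):
    """Return {host: {"definite": [(port/proto, state)],
                      "follow_up": [(port/proto, state, (meaning_a, meaning_b))]}}.

    Ambiguous states are kept separate instead of being scored, so the
    report shows where a second look (different probe, version detection)
    is needed rather than pretending the answer is known.
    """
    result = defaultdict(lambda: {"definite": [], "follow_up": []})
    for host, port, proto, state, service in parse_grepable(text):
        key = f"{port}/{proto}"
        if state in DEFINITE:
            result[host]["definite"].append((key, state))
        else:
            either = AMBIGUOUS.get(state, ("unknown", "unknown"))
            result[host]["follow_up"].append((key, state, either))
    return dict(result)


if __name__ == "__main__":
    for host, buckets in summarize(SAMPLE_GREPABLE).items():
        print(host)
        for key, state in buckets["definite"]:
            print(f"  {key:>10}  {state}")
        for key, state, (a, b) in buckets["follow_up"]:
            print(f"  {key:>10}  {state}  -> could be: {a} / {b}")
```

Running the script against the constructed sample lists 22/tcp and 25/tcp as conclusive for the first host, while 443/tcp and the two UDP ports land in the follow-up bucket with both possible readings spelled out; that is the information a weighting scheme would throw away.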
Current thread:
- studies/papers/etc. on getting best results w. nmap? ^..^ (Sep 03)
- Re: studies/papers/etc. on getting best results w. nmap? DePriest, Jason R. (Sep 03)
- Re: studies/papers/etc. on getting best results w. nmap? ^..^ (Sep 03)
- Re: studies/papers/etc. on getting best results w. nmap? Michael Pattrick (Sep 03)
- Re: studies/papers/etc. on getting best results w. nmap? ^..^ (Sep 03)
- Re: studies/papers/etc. on getting best results w. nmap? David Fifield (Sep 05)
- Re: studies/papers/etc. on getting best results w. nmap? ^..^ (Sep 06)
- Re: studies/papers/etc. on getting best results w. nmap? DePriest, Jason R. (Sep 03)