Security Basics mailing list archives
Re: help interpreting the nmap output
From: miguel.dilaj () pharma novartis com
Date: Fri, 17 Dec 2004 09:37:57 +0100
Hi Ivan,

Good! Yes, you guessed correctly, it seems that Apache was set up to show only its name.

For other ports, like services that don't have a text banner, you've 2 very nice options:

a) use the -sV option in nmap. Read The Fine Manual, and also the article at
   http://www.insecure.org/nmap/versionscan.html
   Take into account that this is not stealth (like -sS), it establishes the full TCP connection. Be sure to use the latest nmap, this option is quite new (>=3.45).
   There's also a good article by Brian Hatch at InfoSec News:
   http://lists.virus.org/isn-0310/msg00030.html

b) use amap (http://www.thc.org/releases.php)
   Amap is a next-generation scanning tool, which identifies applications and services even if they are not listening on the default port by creating a bogus communication and analyzing the responses. Changes: more identifications, SSL bugfix. Voted into the top-50 security tool list!

There are other tools out there to do the identification, Nessus for example can do some detection, but the 2 tools above are the preferred ones by most people (in my case: plain nmap, but I recognize the merits of amap as well).

Cheers,

Miguel Dilaj (Nekromancer)
Vice-President of IT Security Research, OISSG

"Ivan Fratric" <hacky_2001 () hotmail com>
16/12/2004 19:57
To: Miguel Dilaj/PH/Novartis@PH, security-basics () securityfocus com
cc:
Subject: Re: help interpreting the nmap output

Thanks for the reply. I tried using netcat, and I get the following:

    nc -vv xxx.xxx.xxx.xxx 80
    xxxxxxxxxxxx.com [xxx.xxx.xxx.xxx] 80 (http) open
    HEAD / HTTP/1.1
    Host: www.xxxxxxxxxxx.com

    HTTP/1.1 200 OK
    Date: Thu, 16 Dec 2004 19:41:45 GMT
    Server: Apache
    Content-Type: text/html; charset=iso-8859-1

So I guess the Apache is configured not to show its version?

When I try using netcat on the other mentioned ports I get something like:

    nc -vv xxx.xxx.xxx.xxx 23
    xxxxxxxxxxxx.com [xxx.xxx.xxx.xxx] 23 (telnet) open
    sent 0, rcvd 0: NOTSOCK

Is there anything else that can be done regarding the ports giving output like this?
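An added example, not from the thread, of the banner check Ivan did by hand with netcat, written from the server owner's side: it classifies what a raw HTTP response reveals in its Server header (name only, as with Apache's ServerTokens Prod; name plus version; no header at all) and treats an empty reply like the "rcvd 0" telnet port as "no banner, a probe such as nmap -sV or amap is needed". The sample responses are constructed, and the function names `classify_banner` and `probe_http` are assumptions of this example.

```python
import re
import socket

# Constructed sample: what Ivan's HEAD request got back (ServerTokens Prod style).
APACHE_PROD = (
    b"HTTP/1.1 200 OK\r\n"
    b"Date: Thu, 16 Dec 2004 19:41:45 GMT\r\n"
    b"Server: Apache\r\n"
    b"Content-Type: text/html; charset=iso-8859-1\r\n\r\n"
)
# Constructed sample: the same kind of server with a fuller ServerTokens setting.
APACHE_FULL = b"HTTP/1.1 200 OK\r\nServer: Apache/2.0.52 (Unix) PHP/4.3.9\r\n\r\n"

VERSION_RE = re.compile(r"/\d+(\.\d+)*")  # e.g. "/2.0.52" in a product token


def classify_banner(raw: bytes) -> dict:
    """Classify a raw HTTP response by what its Server header reveals.

    exposure is one of:
      "none"    - empty reply (like the telnet port above); needs -sV/amap probing
      "product" - product name only (what Ivan saw: "Server: Apache")
      "version" - product plus version/module details
      "unknown" - a reply came back but carried no Server header
    """
    if not raw.strip():
        return {"server": None, "exposure": "none"}
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    server = None
    for line in head.split("\r\n")[1:]:  # skip the status line ("HTTP/1.1 ...")
        name, _, value = line.partition(":")
        if name.strip().lower() == "server":
            server = value.strip()
            break
    if server is None:
        return {"server": None, "exposure": "unknown"}
    if VERSION_RE.search(server) or "(" in server:
        return {"server": server, "exposure": "version"}
    return {"server": server, "exposure": "product"}


def probe_http(host: str, port: int = 80, timeout: float = 5.0) -> dict:
    """Send the same HEAD request Ivan typed into netcat and classify the reply."""
    req = f"HEAD / HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n".encode()
    chunks = []
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(req)
        try:
            while data := s.recv(4096):
                chunks.append(data)
        except socket.timeout:
            pass  # silent service: same situation as "sent 0, rcvd 0"
    return classify_banner(b"".join(chunks))
```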