Nmap Development mailing list archives

Re[2]: Version detection of Ldap Service using nmap


From: Bo Cato <jcato73 () comcast net>
Date: Fri, 5 Dec 2003 18:17:05 -0500

M> If they return the exact same thing, it is not going to be possible.
M> The only other option is to try and figure out a different probe to
M> send to get a different response from each ldap server.  The problem
M> then comes in on whether it works with the most ldap servers.  You don't
M> want 3 or 4 probes for a single service, then it takes a lot longer if
M> the service is not known or even when it is.  You want one probe that
M> elicits the most data to be able to fingerprint the most number of
M> unique servers accurately.

I agree with Madhat completely on this point.

But I also would suggest that the service option be expanded to allow
for Quick probe and Extensive probe. The current probe could satisfy
the Quick option and check for the most the quickest. And if someone
was willing to give up this speed for the option of a more detailed
probe they could select the Extensive option that could provide 3 or 4
probes for each service.

-sV0 <- Fast probe (or Limited Probe, Quick Probe, etc)
-sV1 <- Slow probe (or Additional Probe, Extensive Probe, etc)

Normally 1 size does not fit all. Those that need "quick and general"
probe would not have to suffer for those that want a "slow and
granular" probe.

Am I going to code this? Hehehe. N o - W a y !

I guess this could be added to the very long "wish list" for nmap, eh?

The more people that feel this is an attractive addition the more
likely it will be looked into.

Honestly I'd rather see a proxy scan be added as a feature first. It
still amazes me that nmap can't use a proxy server after all this
time. I guess no one has asked for it. *shrug*

-b


