Nmap Development mailing list archives

Re: Why does nmap fingerprint the application by using the standard probes


From: Martin Mačok <martin.macok () underground cz>
Date: Fri, 13 Feb 2004 14:36:21 +0100

On Thu, Feb 12, 2004 at 08:35:20PM -0800, alan donald wrote:

> Why is nmap not sending probes very specific to that application?

The set of probes should be minimal as there are often
ports/services that do not respond to anything. With each probe you
have to wait for the eventual answer for some time (5s by default) so
it is basically a performance issue.

Fyodor told me that he plans (or already is working on) rewriting
version scan so this may not be true for future releases.

> Therefore using this approach can we totally rely on nmap to tell us
> the application version each time or not?

You shouldn't totally rely on *any* tool! ;-)

Anyway, it's just banner grabbing so it's not reliable anyway, one
can always fake it.

The version scan is not ideal/optimal but it's pretty accurate and
fast in *most* cases which is the goal. It saves me a lot of time when
digging through a large number of target hosts ...

Martin Mačok

---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to 
nmap-dev-help () insecure org . List archive: http://seclists.org
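
An added example, not part of the original message and not Nmap's code: a simplified loopback model of the two points made in the reply, that a silent service costs one full wait per probe and that a banner-derived version is whatever the service chooses to send. The probe set, the signature, `listener` and `version_scan` are hypothetical names constructed for the illustration, and the wait is shortened from the 5s mentioned above so the demo runs quickly.

```python
import re
import socket
import threading
import time

# Constructed probe set and signature for this example (not Nmap's real data files).
PROBES = [("null", b""), ("newlines", b"\r\n\r\n"), ("http-get", b"GET / HTTP/1.0\r\n\r\n")]
SSH_BANNER = re.compile(rb"^SSH-[\d.]+-(\S+)")

def listener(banner=None):
    """Start a loopback TCP service; banner=None accepts connections but never answers."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(8)
    held = []  # keep sockets open so the client sees silence, not a close

    def serve():
        while True:
            conn, _ = srv.accept()
            if banner:
                conn.sendall(banner)
            held.append(conn)

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

def version_scan(port, wait=0.3):
    """Try each probe on a new connection; return (version, probes_sent, seconds)."""
    start = time.monotonic()
    for sent, (_name, payload) in enumerate(PROBES, 1):
        with socket.create_connection(("127.0.0.1", port), timeout=wait) as s:
            if payload:
                s.sendall(payload)
            try:
                data = s.recv(256)
            except socket.timeout:
                continue  # silent service: the whole wait was spent on this probe
        match = SSH_BANNER.match(data)
        if match:
            return match.group(1).decode(), sent, time.monotonic() - start
    return None, len(PROBES), time.monotonic() - start

if __name__ == "__main__":
    silent = listener()
    faked = listener(b"SSH-2.0-ExampleSSHd_1.0\r\n")  # constructed banner
    print("silent:", version_scan(silent))  # every probe times out
    print("faked :", version_scan(faked))   # reports the advertised string
```

The scan time on the silent port grows with the number of probes times the wait, while the second listener is reported as whatever its banner claims, so a version string obtained this way should be confirmed by other means before it drives a patching or risk decision.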


