Nmap Development mailing list archives
Re: Scanning Printers
From: doug () hcsw org
Date: Tue, 26 Sep 2006 15:29:45 -0700
Hi Hari! Good question and as Fyodor pointed out in a previous post, the ports excluded from version scans are specified by the Exclude directive in the nmap-service-probes file as described here: http://insecure.org/nmap/vscan/vscan-fileformat.html The current version http://insecure.org/nmap/data/nmap-service-probes has the following line: Exclude T:9100 so Nmap only excludes TCP port 9100. When I added this feature I didn't know that some printers also do this on ports 9101-9107! I guess we need to decide whether to add these ports to the default Exclude directive or not. As you realise, the entire practice of skipping version detection on certain ports opens up a small hole. Hiding daemons on these ports potentially becomes somewhat easier - except obviously not against intelligent users like yourself who understand this. :) I don't know of any other common uses for these ports and see no reason to not add them to the default Exclude directive. Anyone? Best, Doug
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Scanning Printers Hari Sekhon (Sep 26)
- Re: Scanning Printers Fyodor (Sep 26)
- Re: Scanning Printers Hari Sekhon (Sep 26)
- Re: Scanning Printers doug (Sep 26)
- Re: Scanning Printers Hari Sekhon (Sep 27)
- Re: Scanning Printers Fyodor (Sep 28)
- Re: Scanning Printers Hari Sekhon (Sep 26)
- Re: Scanning Printers Fyodor (Sep 26)