Nmap Announce mailing list archives

Re: SNMP to nmap?


From: Evan Brewer <dmessiah () silcon com>
Date: Thu, 17 Dec 1998 11:34:52 -0800


On Thu, Dec 17, 1998 at 10:54:43AM -0800, Lamont Granquist wrote:

> I talked with Fyodor about adding RPC service portscanning to NMAP, so
> that NMAP would be able to query ports with null RPC commands to figure
> out which RPC service was listening, if any (I haven't looked at RPC
> closely enough to figure out if you could do this with one query, or if
> you'd need to send queries for every service that you'd be interested in
> knowing about, anyway...).  Fyodor's opinion was that NMAP should try to
> stay away from doing 'application' level stuff as much as possible and
> that the identd scanning and such in the current version was pushing it.

An interesting idea; however, anything extrapolated from RPC may also (under
most conditions) be determined by a normal port scan.  There is nothing (most
of the time) that rpcinfo will tell you that a port scan won't.  Let's say
port 2049/tcp is open.  Odds are this guy has NFS.

> Anyway, I'd certainly think that RPC service scanning would be a hell of a
> lot more generally useful than teaching NMAP about SNMP, but can
> appreciate the sentiment behind not wanting to promote code bloat and not
> wanting to do either of them.

It may be useful, yes; however, getting this info in a stealth-like manner
requires a connection to portmap.  Nmap is supposed to be a network scanner,
yes, but in that it is also a stealth scanner.  I am one for the belief that if
you can determine open services/ports without connecting to portmap, more power
to you.  If you are thinking, well, what about UDP?  The UDP scanning in Nmap is
great, so there should be no problems there.  I'm sure you could come up with
1 or 2 command lines to totally probe a system without using portmap.  Good
idea, but not necessary IMHO.

dmess0r
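The thread discusses sending "null RPC commands" straight at a port to learn which RPC program is behind it, and asks whether one query suffices or one is needed per service. The script below is an added example, not code from this thread, from nmap, or from either poster. It builds ONC RPC v2 NULL calls (procedure 0, AUTH_NULL) framed for TCP, parses the reply, and walks a short list of well-known program numbers: a program that is not at the port answers PROG_UNAVAIL, so the probing is one call per candidate program. Probing with version 0 is a deliberate choice so that a live program answers PROG_MISMATCH and discloses its supported version range. The `fake_nfsd` responder and its version range 2-3 are constructed for the offline demonstration; `tcp_exchange` is the real transport for use against a host you are authorised to scan, and the 192.0.2.10 address in the usage line is a documentation placeholder.

```python
"""Added example: probing a port with ONC RPC NULL calls, without asking portmap.
Not code from the thread or from nmap. Message layout per RFC 5531 (ONC RPC v2).
"""
import socket
import struct

CALL, REPLY = 0, 1
MSG_ACCEPTED, MSG_DENIED = 0, 1
AUTH_NULL = 0
ACCEPT_STAT = {0: "SUCCESS", 1: "PROG_UNAVAIL", 2: "PROG_MISMATCH",
               3: "PROC_UNAVAIL", 4: "GARBAGE_ARGS", 5: "SYSTEM_ERR"}

# A few well-known RPC program numbers a scanner would try (short list for the example).
PROGRAMS = {100000: "portmapper", 100003: "nfs", 100005: "mountd",
            100021: "nlockmgr", 100024: "status"}


def build_null_call(xid, prog, vers):
    """CALL for procedure 0 (NULL): xid, CALL, rpcvers=2, prog, vers, proc=0, then AUTH_NULL cred and verf."""
    hdr = struct.pack("!IIIIII", xid, CALL, 2, prog, vers, 0)
    auth = struct.pack("!IIII", AUTH_NULL, 0, AUTH_NULL, 0)  # cred flavor/len, verf flavor/len
    return hdr + auth


def frame_tcp(record):
    """RPC-over-TCP record marking: high bit = last fragment, low 31 bits = length."""
    return struct.pack("!I", 0x80000000 | len(record)) + record


def unframe_tcp(data):
    (mark,) = struct.unpack_from("!I", data, 0)
    return data[4:4 + (mark & 0x7FFFFFFF)]


def parse_reply(record):
    """Decode a REPLY; returns (xid, status, (low, high) version range or None)."""
    xid, mtype, reply_stat = struct.unpack_from("!III", record, 0)
    if mtype != REPLY:
        raise ValueError("not an RPC reply")
    if reply_stat == MSG_DENIED:
        return xid, "MSG_DENIED", None
    # MSG_ACCEPTED: opaque verifier (flavor, length, body padded to 4) precedes accept_stat
    _flavor, vlen = struct.unpack_from("!II", record, 12)
    off = 20 + ((vlen + 3) & ~3)
    (astat,) = struct.unpack_from("!I", record, off)
    rng = struct.unpack_from("!II", record, off + 4) if astat == 2 else None
    return xid, ACCEPT_STAT.get(astat, "UNKNOWN"), rng


def build_reply(xid, astat, low=None, high=None):
    """Encode a MSG_ACCEPTED reply with an empty AUTH_NULL verifier (used by the fake server)."""
    rec = struct.pack("!IIIIII", xid, REPLY, MSG_ACCEPTED, AUTH_NULL, 0, astat)
    if astat == 2:
        rec += struct.pack("!II", low, high)
    return rec


def identify_program(exchange, programs=PROGRAMS, probe_vers=0):
    """One NULL call per candidate program; return the first program the port admits to.
    Version 0 is unlikely to be served, so a present program answers PROG_MISMATCH with its range."""
    for xid, prog in enumerate(programs, start=0x1000):
        reply = exchange(frame_tcp(build_null_call(xid, prog, probe_vers)))
        rxid, status, rng = parse_reply(unframe_tcp(reply))
        if rxid != xid:
            continue  # not the answer to our call (stray or spoofed reply)
        if status == "PROG_MISMATCH":
            return {"prog": prog, "name": programs[prog], "versions": rng}
        if status == "SUCCESS":
            return {"prog": prog, "name": programs[prog], "versions": (probe_vers, probe_vers)}
        # PROG_UNAVAIL (or anything else): wrong program number, try the next one
    return None


def tcp_exchange(host, port, timeout=3.0):
    """Real transport: one framed call, one framed reply over a fresh TCP connection."""
    def exchange(payload):
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(payload)
            hdr = s.recv(4)
            (mark,) = struct.unpack("!I", hdr)
            need, body = mark & 0x7FFFFFFF, b""
            while len(body) < need:
                chunk = s.recv(need - len(body))
                if not chunk:
                    break
                body += chunk
            return hdr + body
    return exchange


def fake_nfsd(low=2, high=3):
    """Constructed responder standing in for an nfsd on 2049/tcp, so the example runs offline."""
    def exchange(payload):
        rec = unframe_tcp(payload)
        xid, _mtype, _rpcvers, prog, vers, _proc = struct.unpack_from("!IIIIII", rec, 0)
        if prog != 100003:
            return frame_tcp(build_reply(xid, 1))            # PROG_UNAVAIL
        if not low <= vers <= high:
            return frame_tcp(build_reply(xid, 2, low, high))  # PROG_MISMATCH with range
        return frame_tcp(build_reply(xid, 0))                 # SUCCESS
    return exchange


if __name__ == "__main__":
    print(identify_program(fake_nfsd()))
    # Against a real host (assumed, authorised target): identify_program(tcp_exchange("192.0.2.10", 2049))
```

Each candidate costs one connection to the target port, which bears on the stealth concern raised above: the probe never touches portmap, but a port answering PROG_UNAVAIL to several consecutive NULL calls is a recognisable pattern in the target's logs and on the wire.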
