Nmap Announce mailing list archives
Re: RPC portscanning
From: Evan Brewer <dmessiah () silcon com>
Date: Thu, 17 Dec 1998 12:06:45 -0800
On Thu, Dec 17, 1998 at 12:05:52PM -0800, Lamont Granquist wrote:
I'm not sure what you mean here. That's actually *not* a stealthy way to do it, since the portmap could be wrapped against libwrap.a (from tcp_wrappers) and queries from foreign hosts could be denied and logged. On the other hand, many RPC services themselves have no access control and very limited logging capabilities. I'd personally feel a whole lot stealthier in scanning a network from 600-1024 using stealth scan and then querying the service directly to figure out what it was. Tripwiring against that kind of a scan is more difficult, requiring either the sources to the RPC programs, some kind of kludgy hack like securelib, or a firewall with logging.
I guess the point I was trying to bring across in the previous mail is that there is no safe way to do an rpcinfo call on a remote machine without them knowing about what you just did. Even if you used null commands you would still have to create a handshake that will be detected by such daemons as tcpdump etc. Now, if you could make portmap somehow respond without setting it off, that would be nice. Then again it's on the application layer.
dmess0r
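The thread's defensive point is that a portmap wrapped with libwrap denies and logs foreign queries, so those syslog lines are the record a site has of an rpcinfo-style probe. The following is an added example, not code from the thread or from nmap or tcp_wrappers: it parses constructed syslog lines in the "refused connect from <host>" form that libwrap emits, counts refused portmap connections per client, and flags a client whose refusals cluster inside a short window. The log lines, host names, addresses, threshold and window are all assumptions made up for the example.

```python
"""Summarise tcp_wrappers (libwrap) refusals for portmap from syslog text.

Added example for this thread; the log lines below are constructed, not real.
Assumes the usual syslog layout "Mon DD HH:MM:SS host daemon[pid]: message"
and libwrap's "connect from <client>" / "refused connect from <client>" wording.
"""
import re
from collections import defaultdict
from datetime import datetime

# One regex for both allowed ("connect from") and refused ("refused connect from") lines.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"(?P<daemon>[\w.-]+)\[\d+\]: (?P<verdict>refused )?connect from (?P<client>\S+)$"
)

# Constructed sample: one client hammers portmap, one legitimate client is allowed,
# one unrelated sshd line and one in.ftpd refusal are present as noise.
SAMPLE_LOG = """\
Dec 17 12:01:03 ns1 portmap[212]: refused connect from 10.9.8.7
Dec 17 12:01:04 ns1 portmap[212]: refused connect from 10.9.8.7
Dec 17 12:01:09 ns1 sshd[400]: Accepted publickey for ops from 10.1.1.1 port 51122
Dec 17 12:02:15 ns1 portmap[212]: connect from 10.1.1.20
Dec 17 12:05:30 ns1 portmap[212]: refused connect from 10.9.8.7
Dec 17 12:05:31 ns1 in.ftpd[501]: refused connect from 10.9.8.7
Dec 17 12:06:00 ns1 portmap[212]: refused connect from 192.0.2.44
"""


def parse_wrapper_events(text, year=1998):
    """Return a list of (timestamp, host, daemon, client, refused) tuples.

    Lines that are not libwrap access records are skipped. Syslog omits the
    year, so one is assumed (keyword argument) to build a datetime.
    """
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime("%d %s" % (year, m["ts"]), "%Y %b %d %H:%M:%S")
        events.append((ts, m["host"], m["daemon"], m["client"], m["verdict"] is not None))
    return events


def summarize_portmap_refusals(text, threshold=3, window_seconds=300):
    """Count refused portmap connects per client and flag probe-like bursts.

    A client is flagged when at least `threshold` refusals fall inside any
    `window_seconds`-long sliding window. Refusals from other wrapped daemons
    (e.g. in.ftpd) are deliberately not counted here.
    """
    refused_times = defaultdict(list)
    for ts, _host, daemon, client, refused in parse_wrapper_events(text):
        if daemon == "portmap" and refused:
            refused_times[client].append(ts)

    counts = {client: len(times) for client, times in refused_times.items()}
    flagged = []
    for client, times in refused_times.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            # Slide the window start forward until it fits within window_seconds.
            while (times[end] - times[start]).total_seconds() > window_seconds:
                start += 1
            if end - start + 1 >= threshold:
                flagged.append(client)
                break
    return {"refused_by_client": counts, "flagged": sorted(flagged)}


if __name__ == "__main__":
    result = summarize_portmap_refusals(SAMPLE_LOG)
    for client, n in sorted(result["refused_by_client"].items()):
        print("%-16s %d refused portmap connects" % (client, n))
    print("flagged:", ", ".join(result["flagged"]) or "none")
```

The caveat the thread itself raises still applies: this only sees queries that went through the wrapped portmap. A scanner that skips portmap and talks to the RPC services on 600-1024 directly leaves nothing in these lines, which is why the thread points to firewall logging for that case.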