Nmap Announce mailing list archives
Re: SNMP to nmap?
From: ubik <ubik () leviticus cert nu>
Date: Thu, 17 Dec 1998 13:18:19 -0700 (MST)
On Thu, 17 Dec 1998, Evan Brewer wrote:
> > stay away from doing 'application' level stuff as much as possible and
> > that the identd scanning and such in the current version was pushing it.
>
> An interesting idea, however anything extrapolated from RPC may also (under
> most conditions) be determined by a normal port scan. There is nothing that
> (most of the time) rpcinfo will tell you that a port scan won't. Let's say
> port 2049/tcp is open. Odds are this guy has NFS.

This isn't really true. NFS is a special case since it typically runs on a
well known port. Most (all?) of the other RPC services allocate ephemeral
ports, so you can't determine which RPC service is running on a certain port
in a reliable way by simply portscanning.
> > Anyway, I'd certainly think that RPC service scanning would be a hell of a
> > lot more generally useful than teaching NMAP about SNMP, but can appreciate
> > the sentiment behind not wanting to promote code bloat and not wanting to
> > do either of them.
>
> May be useful yes, however getting this info in a stealth-like manner
> requires a connection to portmap. Nmap is supposed to be a network scanner
> yes, but in that it is also a stealth scanner. I am one for the belief that
> if you can determine services/ports open without connecting to portmap,
> more power to you. If you are thinking, well what about UDP? The UDP
> scanning in Nmap is great, so there should be no problems there. I'm sure
> you could come up with 1 or 2 command lines to totally probe a system
> without using portmap. Good idea, but not necessary imho.

The point of RPC scanning is that in situations where packet filters
prohibit connections to the portmapper (often advocated on CSU to "enhance
security") you can still easily find out what port a particular service
exists on by sending requests to invoke the NULL procedure for the service to
every open UDP port. If you find the service, you will get a response.

Now, just so my post is only mostly off topic, not entirely: I have a
suggestion regarding requests to add new features. If nmap supported some
type of "plug-in" API, then anyone who wanted nmap to do something else could
write their own modular component and make it available for anybody else who
wanted to use it without bloating the main nmap program. Would this be a
reasonable compromise?

-ubik
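The probe ubik describes above, as an added example that is not part of this thread and not nmap's own code: a minimal ONC RPC v2 client (wire format per RFC 1057, XDR, big-endian u32 fields) that sends a NULL-procedure CALL for a given program number straight to a UDP port, bypassing the portmapper on 111, and decodes what comes back. The program numbers used (100003 for NFS, 100005 for mountd) are the well-known RFC 1057 assignments; the host, port and transaction id are arbitrary values chosen for the example. Three outcomes matter to a scanner and the code distinguishes them: SUCCESS (that program is on that port), PROG_MISMATCH (that program is there, in a different version range, which the reply spells out), and PROG_UNAVAIL (some other RPC program answers there, so the port is RPC even though the guess was wrong). Silence is ambiguous: either the port is not RPC at all or a filter dropped the datagram.

```python
"""Added example: find an RPC program on an open UDP port by calling its NULL
procedure (proc 0) directly, without asking the portmapper.  Wire format is
ONC RPC v2 as in RFC 1057.  Program numbers 100003 (NFS) and 100005 (mountd)
are the well-known assignments; host/port/xid values below are assumptions."""
import socket
import struct

RPC_VERSION = 2
MSG_CALL, MSG_REPLY = 0, 1
MSG_ACCEPTED, MSG_DENIED = 0, 1
AUTH_NULL = 0
ACCEPT_STAT = {0: "SUCCESS", 1: "PROG_UNAVAIL", 2: "PROG_MISMATCH",
               3: "PROC_UNAVAIL", 4: "GARBAGE_ARGS", 5: "SYSTEM_ERR"}
REJECT_STAT = {0: "RPC_MISMATCH", 1: "AUTH_ERROR"}


def build_null_call(xid, prog, vers):
    """XDR-encode a CALL to procedure 0 of (prog, vers) with AUTH_NULL
    credentials and verifier: ten big-endian u32s, 40 bytes in total."""
    return struct.pack("!10I", xid, MSG_CALL, RPC_VERSION, prog, vers, 0,
                       AUTH_NULL, 0,   # cred: flavor, body length
                       AUTH_NULL, 0)   # verf: flavor, body length


def parse_reply(data, expected_xid):
    """Decode an RPC reply.  Returns a dict with 'status' (accept_stat or
    reject_stat name) and, for the *_MISMATCH cases, 'low'/'high' versions."""
    if len(data) < 12:
        raise ValueError("reply too short for an RPC header")
    xid, msg_type, reply_stat = struct.unpack_from("!3I", data, 0)
    if xid != expected_xid:
        raise ValueError("xid mismatch: not a reply to our call")
    if msg_type != MSG_REPLY:
        raise ValueError("message is not a REPLY")
    off = 12
    if reply_stat == MSG_DENIED:
        (reject,) = struct.unpack_from("!I", data, off); off += 4
        result = {"status": REJECT_STAT.get(reject, "UNKNOWN_REJECT")}
        if reject == 0:  # RPC_MISMATCH carries the RPC versions the server speaks
            result["low"], result["high"] = struct.unpack_from("!2I", data, off)
        return result
    # MSG_ACCEPTED: skip the server's verifier (opaque_auth, body padded to 4)
    flavor, length = struct.unpack_from("!2I", data, off); off += 8
    off += (length + 3) & -4
    (accept,) = struct.unpack_from("!I", data, off); off += 4
    result = {"status": ACCEPT_STAT.get(accept, "UNKNOWN_ACCEPT")}
    if accept == 2:  # PROG_MISMATCH: program is here, just not this version
        result["low"], result["high"] = struct.unpack_from("!2I", data, off)
    return result


def classify(reply):
    """What a scanner learns about the probed port from one NULL-call reply.
    None stands for no datagram coming back (not RPC, or filtered)."""
    if reply is None:
        return "no RPC reply"
    s = reply["status"]
    if s == "SUCCESS":
        return "program present"
    if s == "PROG_MISMATCH":
        return "program present, versions %d-%d" % (reply["low"], reply["high"])
    if s == "PROG_UNAVAIL":
        return "RPC service, different program"
    return "RPC service, reply %s" % s


def probe_udp(host, port, prog, vers, xid=0x6e6d6170, timeout=2.0):
    """Send one NULL call to host:port and classify the answer (does network
    I/O; the stand-alone demo below uses constructed replies instead)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_null_call(xid, prog, vers), (host, port))
        try:
            data, _ = s.recvfrom(4096)
        except socket.timeout:
            return classify(None)
    return classify(parse_reply(data, xid))


if __name__ == "__main__":
    # Constructed replies, shaped as a server would send them, stand in for
    # real hosts so the demo runs offline.
    xid = 0x6e6d6170
    nfs_ok = struct.pack("!6I", xid, MSG_REPLY, MSG_ACCEPTED, AUTH_NULL, 0, 0)
    old_nfs = struct.pack("!8I", xid, MSG_REPLY, MSG_ACCEPTED, AUTH_NULL, 0, 2, 2, 3)
    for name, raw in (("nfsd", nfs_ok), ("old nfsd", old_nfs)):
        print(name, "->", classify(parse_reply(raw, xid)))
```

In practice you would loop `probe_udp()` over the UDP ports a prior scan found open and over the handful of program numbers you care about; the NULL procedure is mandatory for every RPC program, so a well-behaved service always answers it, and even a wrong guess yields a PROG_UNAVAIL that confirms the port speaks RPC.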
Current thread:
- SNMP to nmap? Michael Dodwell (Dec 16)
- Re: SNMP to nmap? Emerson (Dec 17)
- Re: SNMP to nmap? Matthew Franz (Dec 17)
- Re: SNMP to nmap? Lamont Granquist (Dec 17)
- NMAP IRIX Port Lamont Granquist (Dec 17)
- Hey, Fyodor, How does this OS Scan stuff work? Lamont Granquist (Dec 17)
- Re: SNMP to nmap? Evan Brewer (Dec 17)
- RPC portscanning Lamont Granquist (Dec 17)
- Re: RPC portscanning Evan Brewer (Dec 17)
- Re: SNMP to nmap? ubik (Dec 17)
- Re: SNMP to nmap? Evan Brewer (Dec 17)
- Re: SNMP to nmap? Matthew Franz (Dec 17)
- Re: SNMP to nmap? Emerson (Dec 17)
- <Possible follow-ups>
- Re: SNMP to nmap? James W. Abendschan (Dec 17)