Nmap Announce mailing list archives

RE: nmap-2.03 DNS address scanner


From: wanb0y <wanb0y () earthlink net>
Date: Sat, 6 Feb 1999 00:12:08 -0600

If part of the goal is OS detection and a nice trim app,
what about adding a fingerprint for various firewall
systems?  Many firewalls have management ports
etc. open by default that could be used with standard fingerprinting
info...

It would be more useful to know
'what' firewall it 'may' be vs a generic "Firewalled."

Just another worthless 2 pence.

wanb0y

----------
From:   Matthew Franz
Sent:   Friday, February 05, 1999 5:40 PM
To:     Brown, Mark
Cc:     nmap-hackers () insecure org
Subject:        RE: nmap-2.03 DNS address scanner

On Fri, 5 Feb 1999, Brown, Mark wrote:

Actually, I think it makes more sense to leave stuff *out* of nmap that is
already trivially available (host -l?) lest nmap become fat.  Attempting a
zone transfer of a domain is a sure-fire way to draw attention to yourself
if the other side's hostmaster has two brain-cells to rub together.  

I second this sentiment on keeping nmap trim.  IMHO it should remain the
best damn portscanner / OS detector around with all the features we know
and love.  I could see a strong case for RPC scanning but not DNS and
certainly not SNMP.  There are close to a dozen small tools for gathering
IPs from DNS records (dig, z0ne, rdns, ipzoner, host, etc.)  That's what
shell scripts and pipes and IO redir and the UNIX toolkit philosophy is
about.

Creating modules to integrate the results of nmap scans with (let's say)
the vulnerability database used by nessus or some future, hypothetical,
Open Source vulnerability does seem to be a worthwhile project IMHO.

For what it's worth...

-mdf

===================================================================
 Matthew D. Franz                               mdfranz () trinux org
 Trinux: A Linux Security Toolkit            http://www.trinux.org
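The point made in the quoted message, that a zone transfer attempt is noticed by an attentive hostmaster, as an added defender-side example that is not from the thread or from nmap: a small Python check over constructed BIND 9 query-log lines that flags AXFR/IXFR requests from hosts not on an allow-list of known secondaries (the log layout and the allow-list contents are assumptions).

```python
import re
from collections import Counter

# Constructed sample BIND 9 query-log lines (not from the thread). The exact
# layout varies between BIND versions, so the regex below is kept permissive.
SAMPLE_LOG = """\
06-Feb-1999 00:01:02.001 queries: info: client 192.0.2.10#53211 (example.org): query: www.example.org IN A -E(0)K (198.51.100.1)
06-Feb-1999 00:01:05.113 queries: info: client 192.0.2.10#53214 (example.org): query: example.org IN AXFR -E(0)K (198.51.100.1)
06-Feb-1999 00:01:06.204 queries: info: client 198.51.100.7#41000 (example.org): query: mail.example.org IN MX -E(0)K (198.51.100.1)
06-Feb-1999 00:01:07.309 queries: info: client 192.0.2.10#53220 (example.org): query: example.org IN IXFR -E(0)K (198.51.100.1)
06-Feb-1999 00:02:11.500 queries: info: client 203.0.113.5#60000 (example.org): query: example.org IN AXFR -E(0)K (198.51.100.1)
"""

# Matches "client [@0x...] <ip>#<port> (<zone>): query: <name> IN <type>".
QUERY_RE = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+ \([^)]*\): "
    r"query: (?P<name>\S+) IN (?P<rtype>[A-Z0-9]+)"
)

TRANSFER_TYPES = ("AXFR", "IXFR")


def find_transfer_requests(log_text, allowed_secondaries=()):
    """Return (ip, name, rtype) for every AXFR/IXFR query whose source is
    not in allowed_secondaries (an assumed allow-list of real secondaries)."""
    hits = []
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if not m or m.group("rtype") not in TRANSFER_TYPES:
            continue
        if m.group("ip") in allowed_secondaries:
            continue  # legitimate secondary; nothing to flag
        hits.append((m.group("ip"), m.group("name"), m.group("rtype")))
    return hits


def transfer_attempts_by_source(log_text, allowed_secondaries=()):
    """Count unexpected transfer requests per source IP so repeat sources
    stand out when reviewing the log."""
    return Counter(ip for ip, _, _ in find_transfer_requests(log_text, allowed_secondaries))


if __name__ == "__main__":
    for ip, n in transfer_attempts_by_source(SAMPLE_LOG, {"203.0.113.5"}).items():
        print(f"{ip}: {n} unexpected zone-transfer request(s)")
```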