Nmap Announce mailing list archives
Re: An Operating Systems Survey, of sorts...
From: White Cap <whitecap () dreams res cmu edu>
Date: Thu, 11 Feb 1999 23:12:41 -0500 (EST)
On Thu, 11 Feb 1999, Fyodor wrote:
> nmap -i <iplist> -m output_file -n -O -sS -p21,22,23,25,80,139
Especially for unix systems, to maximize the chance you'll get three open ports, I'd add: 7, 53, 79, 88, 110, 111, 137, 143, 513, 515.

For things like kerberos v5 (88), usually the realm servers aren't running much else, so it's to your advantage to scrape together all ports you can find for the 3 port os ID to be effective. I would agree however that adding all of the above might not be wise if your hosts or you are on a slow link, and perhaps just adding a few or none at all might be best. They are just ports I've found that are commonly open or are open on hosts that have very few others open (k-v5).

Obviously if you're scanning more sensitive hosts, you should drop ports with known vulnerable daemons like pop3, imap, maybe lpd, etc. That way if someone does pick up the syn or fin scan, they'll have less of a reason to get paranoid, which is generally a bad thing.

whitecap