Nmap Announce mailing list archives
Re: Nmap 2.30BETA20 Released
From: Max Vision <vision () whitehats com>
Date: Fri, 21 Apr 2000 13:28:20 -0700 (PDT)
On Fri, 21 Apr 2000, Jeffrey Paul wrote:
Max Vision wrote:For the benefit of less experienced netmapers, I would prefer to see netbios-ns 137/tcp # netbios name service be replaced by UNKNOWN 137/tcp # daemon on priveledged port!@#$ and other appropriate accuracies.This kind of defeats the purpose.
Well not really - it corrects an outstanding error that could lead to misunderstandings. The "purpose" of the services file is to provide suggestions about typical application protocols or daemons that would bind to these ports. Technically speaking, /etc/services is just "a mapping between friendly textual names for internet services, and their underlying assigned port numbers and protocol types". For our purposes, the information about TCP 137 (sticking with this exampple) is false. It may be "assigned", but it is not something we will encounter in the field. Sticking with this same example, let's say Jane Admin scans her windows machines with nmap internally. Her policy permits netbios internally, so she thinks nothing of the TCP137/netbios entry that pops up. Turns out it was actually BackOrifice2000. Wouldn't it have been better if a little flag came up "UNKNOWN - daemon on priveledged port"? With my suggestion it would :) me> Another option is to remove those entries, but I generally prefer to me> see as much detail about the remote host as possible, as there are me> often "rogue" daemons listening on ports one wouldn't expect - in me> particular ftpd and httpd are sometimes bound in strange places by me> their owners. me> I made this comment to justify why one might *keep* the entries as warnings ("unknown, priveledged port") versus outright *removal*. I did not imply that nmap should in any way deal with this :) Max
Current thread:
- Nmap 2.30BETA20 Released Fyodor (Apr 10)
- Re: Nmap 2.30BETA20 Released nmap-hackers (Apr 13)
- Re: Nmap 2.30BETA20 Released Andrew Brown (Apr 20)
- Re: Nmap 2.30BETA20 Released Max Vision (Apr 21)
- Re: Nmap 2.30BETA20 Released Jeffrey Paul (Apr 21)
- Re: Nmap 2.30BETA20 Released Max Vision (Apr 21)
- Re: Nmap 2.30BETA20 Released Andrew Brown (Apr 21)
- Re: Nmap 2.30BETA20 Released Max Vision (Apr 21)
- Re: Nmap 2.30BETA20 Released Justin (Apr 21)
- Re: Nmap 2.30BETA20 Released Andrew Brown (Apr 21)
- Re: Nmap 2.30BETA20 Released Dragos Ruiu (Apr 21)
- Re: Nmap 2.30BETA20 Released Fyodor (Apr 22)
- <Possible follow-ups>
- Re: Nmap 2.30BETA20 Released Alek O. Komarnitsky (N-CSC) (Apr 21)