Re: Scanning Printers

[Hari Sekhon <hpsekhon () googlemail com>]

Thanks Doug,
  I realised this must be changeable after emailing Fyodor and poked 
around myself last night, found the line with exclude for 9100 and 
changed it to the following:

Exclude T:9100-9107

This worked for me. I've tested with the old Exclude T:9100 and loads of 
junk gets printed

7 ports (other than 9100) x the headers sent = lots of wasted paper !

But after changing the line to "Exclude T:9100-9107" in the 
nmap-service-probes file my printers haven't printed anything from the 
probes since service detection headers don't get sent to the JetDirect 
ports now.


Would it be possible to change this in the next release of Nmap so it's 
the default? Who should I speak to about that?


Thanks

-h

-- 
Hari Sekhon


doug () hcsw org wrote:
> Hi Hari!
>
> Good question and as Fyodor pointed out in a previous post, the ports
> excluded from version scans are specified by the Exclude directive in the
> nmap-service-probes file as described here:
>
> http://insecure.org/nmap/vscan/vscan-fileformat.html
>
> The current version
>
> http://insecure.org/nmap/data/nmap-service-probes
>
> has the following line:
>
> Exclude T:9100
>
> so Nmap only excludes TCP port 9100. When I added this feature I didn't
> know that some printers also do this on ports 9101-9107! I guess we need
> to decide whether to add these ports to the default Exclude directive
> or not.
>
> As you realise, the entire practice of skipping version detection on certain
> ports opens up a small hole. Hiding daemons on these ports potentially
> becomes somewhat easier - except obviously not against intelligent users
> like yourself who understand this. :)
>
> I don't know of any other common uses for these ports and see no reason
> to not add them to the default Exclude directive. Anyone?
>
> Best,
>
> Doug
>   


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org