Nmap Development mailing list archives
Re: Top ports and -p switch extension patchset
From: "Eddie Bell" <ejlbell () gmail com>
Date: Wed, 16 May 2007 12:50:12 +0100
Hi Doug, Great ideas, nmap really needs a replacement for -F. Kris and I have been talking about it a little.
> This patch, when combined with a new format nmap-services file, will change the ports that Nmap scans with a default scan and with a fast scan. Currently deployed scripts that rely on certain ports being scanned might have to be changed.
Maybe keep -F and default the same for compatibility, then introduce --top-port and --port-ratio as well. Eventually the default scan could be migrated and we could have an argument that switches back to the old ports if needed.
> Collecting meaningful data for this sort of DB (nmap-services) is hard! I am not convinced there is such a thing as a "typical port distribution" for hosts on today's internet. And what's more, with the pace of technological development as it is, I'm not sure that any "typical distribution" will stay "typical" for long.
I think a scalable way to do this is some sort of online submission. Either autonomous or user-driven. After each scan nmap could automatically submit port statistics to a server (cmd-line option to disable or enable it?). Or we could print a message after a scan has finished (only in verbose mode?) and ask the user to submit the statistics manually. Another thought: it would probably be best to have a set limit for the nmap-service statistics, e.g. how many open ports per 100,000. Or just record it as a probability.
> Perhaps the biggest issue I see with the new default/fast scan behaviour is that it becomes difficult to know if a given port was scanned for when looking at a scan's results. Was protocol XYZ included in a fast scan with the services file shipped on some given date? It's not easy to know, especially if we plan on doing semi-frequent updates to this DB.
Not sure about this one, at least the port range will be in the XML file.
thanks - eddie
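Added example, not part of the original message or of Nmap's code: a sketch of how submitted per-scan counts could be normalised to "open per 100,000" or a probability, then used for a top-N or ratio-based port selection. The submission data is constructed, and all function names and the data layout are hypothetical; it does not reflect the nmap-services file format.

```python
from collections import Counter

# Constructed sample submissions: (hosts scanned, {tcp port: hosts with it open}).
SUBMISSIONS = [
    (40_000, {80: 9_200, 443: 6_100, 22: 5_100, 25: 1_900, 3389: 700}),
    (50_000, {80: 10_300, 443: 7_400, 22: 4_900, 8080: 1_250, 25: 1_600}),
    (10_000, {80: 2_500, 22: 1_000, 3389: 300, 8080: 250}),
]

def aggregate(submissions):
    """Return {port: probability that a scanned host has the port open}."""
    hosts = sum(n for n, _ in submissions)
    if hosts == 0:
        return {}  # no data submitted yet: nothing to rank
    opened = Counter()
    for _, counts in submissions:
        opened.update(counts)  # Counter.update adds counts per port
    return {port: count / hosts for port, count in opened.items()}

def per_100k(freq):
    """The same statistic expressed as open ports per 100,000 hosts."""
    return {port: round(p * 100_000) for port, p in freq.items()}

def top_ports(freq, n):
    """The n most frequently open ports; ties broken by port number."""
    ranked = sorted(freq, key=lambda port: (-freq[port], port))
    return sorted(ranked[:n])

def ports_above_ratio(freq, ratio):
    """Every port whose open probability is at least `ratio`."""
    return sorted(port for port, p in freq.items() if p >= ratio)

def was_scanned(port, selected):
    """Answer 'was this port covered?' from the recorded port list itself,
    since the list behind a top-N selection changes whenever the data does."""
    return port in selected

FREQ = aggregate(SUBMISSIONS)

if __name__ == "__main__":
    print(per_100k(FREQ))
    print(top_ports(FREQ, 3), ports_above_ratio(FREQ, 0.02))
```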