Re: Proposed SSL version detection probe changes

[Kristof Boeynaems <kristof.boeynaems () gmail com>]

Kristof Boeynaems wrote:
> Brandon Enright wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > On Tue, 17 Feb 2009 22:02:19 +0000
> > Brandon Enright <bmenrigh () ucsd edu> wrote:
> >
> >  
> > > I was surveying 443, 465, 636, 990, 993 and 995.  If I get a moment to
> > > breath today I'll do a survey of those ports across campus and report
> > > the number of non-v2 services.
> > >
> > >     
> <snip>
>
> You can use the attached custom nmap-services-probe file that I 
> created yesterday for this distinction, or simply detect the Nsock 
> failures.

I did a more extensive survey (about 1000 SSL serving hosts), using the 
ports you suggested (and the version probe file I submitted earlier), 
and this time I found 7 non-SSL2-compatible services on 4 unique hosts:

995/tcp open   tlsv1-only
443/tcp open   tlsv1-only
993/tcp open   sslv3-only
995/tcp open   sslv3-only
465/tcp open   sslv3-only
993/tcp open   sslv3-only
995/tcp open   sslv3-only

That's out of 1885 total open services detected. In other words, about 
0.4% of the services found are non-SSLv2 compatible, and such services 
were found on 0.4% of the hosts.

Cheers,

Kristof

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org