Nmap Development mailing list archives

RE: Stumbling into the obvious


From: Stephen Kleine <skleine.h6foc1 () cwfinc com>
Date: Tue, 13 Apr 2010 09:15:09 -0400

From: David Fifield [mailto:david () bamsoftware com] 
Sent: Friday, April 09, 2010 3:14 PM
To: Stephen Kleine
Cc: nmap-dev () insecure org
Subject: Re: Stumbling into the obvious

On Fri, Apr 09, 2010 at 09:32:13AM -0400, Stephen Kleine wrote:
Obligatory Notice: I'm a relative newcomer to Nmap.

After reading about the Mayo Clinic's scan in the book, I did some research on commonly-used windows ports.

I've come up with this scan for Windows systems:

nmap -p 1-1023,1067,1068,1270,1433,1434,1645,1646,1701,1723,1755,1801,1812,1813,1900,2101,2103,2105,2107,2393,2394,2460,2535,2701-2704,2725,2869,3268,3269,3343,3389,3527,4011,4500,5000,5004,5005,5722,6001,6002,6004,42424,51515 -T3 -n -PN

Tell us more about the research you did. How much overlap is there with
Nmap's default 1000-port list? You can easily extract the port list from
XML output.

------

There is a fair amount of overlap between the Normal scan and the Windows scan I've found (both do the bottom 1023 ports, PPTP is well within the top 67 ports, etc.)

As for research on the Windows-specific ports, those can be found at http://support.microsoft.com/kb/832017#5 in the table Ports and Protocols.

I suppose the lower 1023 could be eliminated in favor of the Windows ports on that table, but that seems... incomplete to me.
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
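As an added example (not part of the thread or of Nmap itself), the following Python script does what David suggests: it expands the port spec posted above into a set and compares it with the TCP ports pulled out of Nmap XML output. The XML fragment is constructed for the example, not real scan output; to use it on a real scan, read the file produced by -oX instead.

```python
import xml.etree.ElementTree as ET

# The Windows port spec posted in the thread.
WINDOWS_SPEC = ("1-1023,1067,1068,1270,1433,1434,1645,1646,1701,1723,1755,1801,"
                "1812,1813,1900,2101,2103,2105,2107,2393,2394,2460,2535,2701-2704,"
                "2725,2869,3268,3269,3343,3389,3527,4011,4500,5000,5004,5005,5722,"
                "6001,6002,6004,42424,51515")

# Constructed Nmap XML fragment (not real scan output), reduced to the
# elements a port-list extraction needs.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap">
  <host><status state="up"/><ports>
    <port protocol="tcp" portid="135"><state state="open"/></port>
    <port protocol="tcp" portid="445"><state state="open"/></port>
    <port protocol="tcp" portid="1723"><state state="closed"/></port>
    <port protocol="tcp" portid="3389"><state state="open"/></port>
    <port protocol="tcp" portid="8080"><state state="closed"/></port>
    <port protocol="udp" portid="137"><state state="open|filtered"/></port>
  </ports></host>
</nmaprun>"""

def parse_port_spec(spec):
    """Expand an Nmap -p style list ('1-1023,1433,2701-2704') into a set of ints."""
    ports = set()
    for item in filter(None, spec.replace(" ", "").split(",")):
        lo, _, hi = item.partition("-")
        lo, hi = int(lo), int(hi or lo)  # a single port is a range of one
        if not 1 <= lo <= hi <= 65535:
            raise ValueError("bad port or range: %s" % item)
        ports.update(range(lo, hi + 1))
    return ports

def ports_from_xml(xml_text, protocol="tcp"):
    """Collect every <port> number of the given protocol from Nmap XML output."""
    root = ET.fromstring(xml_text)
    return {int(p.get("portid")) for p in root.iter("port")
            if p.get("protocol") == protocol}

def compare(spec, xml_text):
    """Overlap and differences between a port spec and the ports in the XML."""
    custom, scanned = parse_port_spec(spec), ports_from_xml(xml_text)
    return {"overlap": sorted(custom & scanned),
            "only_in_spec": len(custom - scanned),
            "only_in_xml": sorted(scanned - custom)}

if __name__ == "__main__":
    print(compare(WINDOWS_SPEC, SAMPLE_XML))
```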