Nmap Development mailing list archives
Re: Question on --version-intensity and -sR interaction
From: David Fifield <david () bamsoftware com>
Date: Sat, 12 Mar 2011 10:53:01 -0800
On Fri, Mar 04, 2011 at 05:51:11PM -0800, Fyodor wrote:
> On Fri, Mar 04, 2011 at 06:12:40PM -0600, Daniel Miller wrote:
> > which seems to contradict what you said about only if they are detected as "rpcbind."
>
> Well, the "only if detected as rpcbind" behavior is only true if version detection is requested. With just -sR, Nmap does as the man page suggests and sends a bunch of probes to every port. My feeling is that we should probably remove the -sR option, but keep RPC grinding as a part of version detection. Even the Nmap man page acknowledges that "As version detection includes this and is much more comprehensive, -sR is rarely needed". Even if all you need is RPC grinding, -sV is generally more efficient since it does the "is this service even RPC?" check first.

There were some bugs such that -sV didn't automatically specify all of what -sR specified. Some examples from scanning NFS:

# nmap -sU 192.168.0.2 -p nfs -sV
PORT     STATE SERVICE VERSION
2049/udp open  nfs     2-4 (rpc #100003)

# nmap -sU 192.168.0.2 -p nfs -sR
PORT     STATE SERVICE VERSION
2049/udp open  nfs (nfs V2-4) 2-4 (rpc #100003)

# nmap -sU 192.168.0.2 -p nfs -sVR
PORT     STATE SERVICE VERSION
2049/udp open  nfs (nfs V2-4) 2-4 (rpc #100003)

Also XML output differed:

# nmap -sU 192.168.0.2 -p nfs -sV -oX -
<service name="nfs" version="2-4" extrainfo="rpc #100003" method="probed" conf="10"/>

# nmap -sU 192.168.0.2 -p nfs -sR -oX -
<service name="nfs" version="2-4" extrainfo="rpc #100003" method="probed" conf="10" rpcnum="100003" lowver="2" highver="4" proto="rpc"/>

# nmap -sU 192.168.0.2 -p nfs -sVR -oX -
<service name="nfs" version="2-4" extrainfo="rpc #100003" method="probed" conf="10" rpcnum="100003" lowver="2" highver="4" proto="rpc"/>

> Does anyone here use -sR without version detection (-sV or -A)? Removing command-line arguments is less popular than adding them, but it's something we need to do to keep Nmap (and its documentation) from getting too bloated and confusing. So unless we hear from folks here who really like having -sR by itself, I think we'll undocument it. For compatibility, we'll probably make it an alias for -sV and print a warning that it is deprecated.

I removed -sR as a separate option and made it an alias for -sV. This warning gets printed when you use -sR:

WARNING: -sR is now an alias for -sV and activates version detection as well as RPC scan.

The output of -sV is now the same as -sVR used to be.

# nmap -sU 192.168.0.2 -p nfs -sV
PORT     STATE SERVICE VERSION
2049/udp open  nfs (nfs V2-4) 2-4 (rpc #100003)

# nmap -sU 192.168.0.2 -p nfs -sV -oX -
<service name="nfs" version="2-4" extrainfo="rpc #100003" method="probed" conf="10" rpcnum="100003" lowver="2" highver="4" proto="rpc"/>

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
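The thread turns on the difference between the two XML shapes: the older -sV element only carries "rpc #100003" as free text in extrainfo, while -sR/-sVR (and -sV after David's change) add the structured rpcnum, lowver, highver and proto attributes. The following is an added example, not code from the thread or from Nmap, showing how a consumer of Nmap XML can read the structured attributes when present and fall back to the extrainfo text when it is dealing with output from an older -sV run. The sample document is constructed: the two <service> elements are the ones quoted in the thread, the <nmaprun>/<host>/<ports>/<port>/<state> wrapper follows Nmap's XML layout, the host address 192.168.0.2 is the one from the thread, and the tcp/2049 and tcp/22 ports are made up so that both shapes and a closed port appear in one document.

```python
"""Pull RPC program details out of Nmap XML output.

Added example, not code from the thread or from Nmap. It reads the
<service> elements the thread shows, embedded in a constructed minimal
<nmaprun> wrapper; the tcp/2049 and tcp/22 ports are made up so that
both output shapes (with and without RPC attributes) appear together.
"""
import re
import xml.etree.ElementTree as ET

# Constructed sample. udp/2049 carries the rpcnum/lowver/highver/proto
# attributes that -sR and -sVR produced (and that -sV now produces);
# tcp/2049 carries the older -sV element, which only has "rpc #N" in
# extrainfo; tcp/22 is closed and has no <service> at all.
SAMPLE_XML = """<nmaprun scanner="nmap">
  <host>
    <address addr="192.168.0.2" addrtype="ipv4"/>
    <ports>
      <port protocol="udp" portid="2049">
        <state state="open" reason="udp-response"/>
        <service name="nfs" version="2-4" extrainfo="rpc #100003" method="probed" conf="10" rpcnum="100003" lowver="2" highver="4" proto="rpc"/>
      </port>
      <port protocol="tcp" portid="2049">
        <state state="open" reason="syn-ack"/>
        <service name="nfs" version="2-4" extrainfo="rpc #100003" method="probed" conf="10"/>
      </port>
      <port protocol="tcp" portid="22">
        <state state="closed" reason="reset"/>
      </port>
    </ports>
  </host>
</nmaprun>
"""

_RPC_IN_EXTRAINFO = re.compile(r"rpc #(\d+)")


def _opt_int(value):
    """int() that passes None through, for optional attributes."""
    return int(value) if value is not None else None


def rpc_details(service):
    """Return RPC program info for one <service> element, or None.

    The structured attributes are preferred. When they are absent (older
    -sV output) the program number is recovered from the extrainfo text,
    and 'source' records which path was taken so that consumers know the
    version range may be missing.
    """
    if service.get("proto") == "rpc" and service.get("rpcnum") is not None:
        return {
            "program": int(service.get("rpcnum")),
            "lowver": _opt_int(service.get("lowver")),
            "highver": _opt_int(service.get("highver")),
            "source": "attributes",
        }
    match = _RPC_IN_EXTRAINFO.search(service.get("extrainfo", ""))
    if match:
        return {
            "program": int(match.group(1)),
            "lowver": None,
            "highver": None,
            "source": "extrainfo",
        }
    return None


def parse_services(xml_text):
    """List every open port's service, with its RPC details if any."""
    root = ET.fromstring(xml_text)
    results = []
    for host in root.iter("host"):
        address = host.find("address")
        addr = address.get("addr") if address is not None else None
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # closed/filtered ports carry no <service>
            service = port.find("service")
            if service is None:
                continue
            results.append({
                "addr": addr,
                "proto": port.get("protocol"),
                "port": int(port.get("portid")),
                "name": service.get("name"),
                "version": service.get("version"),
                "rpc": rpc_details(service),
            })
    return results


if __name__ == "__main__":
    for entry in parse_services(SAMPLE_XML):
        rpc = entry["rpc"]
        tag = "no rpc" if rpc is None else "rpc #%d v%s-%s (%s)" % (
            rpc["program"], rpc["lowver"], rpc["highver"], rpc["source"])
        print("%s %d/%s %s %s" % (entry["addr"], entry["port"],
                                  entry["proto"], entry["name"], tag))
```

Run it on a real `-oX` file by replacing SAMPLE_XML with the file's contents; entries whose rpc source is "extrainfo" identify output produced before the alias change, where the version range is only available in the printed "2-4" version string.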
Current thread:
- Question on --version-intensity and -sR interaction Daniel Miller (Mar 04)
- Re: Question on --version-intensity and -sR interaction Fyodor (Mar 04)
- Re: Question on --version-intensity and -sR interaction Daniel Miller (Mar 04)
- Re: Question on --version-intensity and -sR interaction Fyodor (Mar 04)
- Re: Question on --version-intensity and -sR interaction David Fifield (Mar 12)
- Re: Question on --version-intensity and -sR interaction Daniel Miller (Mar 12)
- Re: Question on --version-intensity and -sR interaction David Fifield (Mar 12)
- Re: Question on --version-intensity and -sR interaction Daniel Miller (Mar 04)
- Re: Question on --version-intensity and -sR interaction Fyodor (Mar 04)