Penetration Testing mailing list archives

Re: new NMAP re-tool(ing)


From: "Don Parker" <dparker () rigelksecurity com>
Date: Mon, 5 Jul 2004 19:20:07 -0400 (EDT)

On a side note: I would not blindly rely on the output of nmap to give you the answers.
You should always check the actual packets themselves. That infers though that one has
the requisite knowledge of TCP/IP itself so as to interpret what you are getting back.

Not only that, but also to watch what nmap itself is sending out. One should never
solely rely on a tool's output. It should always be verified. Nmap is not the end-all,
be-all of scanners. With a little knowledge of TCP/IP and, say, hping or nemesis one can get
excellent results as well.

Cheers,

Don

-------------------------------------------
Don Parker, GCIA
Intrusion Detection Specialist
Rigel Kent Security & Advisory Services Inc
www.rigelksecurity.com
ph :613.233.HACK
fax:613.233.1788
toll: 1-877-777-H8CK
--------------------------------------------

On Jul 5, Martin Mačok <martin.macok () underground cz> wrote:

On Mon, Jul 05, 2004 at 02:28:54AM -0700, Tyler Durden wrote:

Version numbers by banner grabbing and such?

JFYI, Nmap has had "version scanning" since version 3.40. It is
implemented by probing with different protocols and pattern matching
the eventual replies. It recognizes something around a thousand
different services by now (and BTW, a new release is about to come,
hopefully later this week).

For more, see http://www.insecure.org/nmap/versionscan.html

(Sorry if your question was not about Nmap itself but nwrap.pl ...)

Martin Mačok
IT Security Consultant
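To make the "protocol probing and pattern matching of replies" described above concrete, here is a small added illustration (my own code, not Nmap's, and not part of the original thread) of the mechanism: probes are sent in order, starting with a NULL probe that just reads a banner, and each reply is run through match rules written in the syntax of Nmap's nmap-service-probes file. The rules, the probe table and the fake_sshd/fake_httpd responders are all constructed for the example.

```python
import re

# Constructed match rules written in the syntax of Nmap's nmap-service-probes file:
#   match <service> m<delim>regex<delim>[flags] [p/product/ v/version/ i/info/]
# The rules, probes and fake replies here are my own illustration, not Nmap's database.
PROBES = [  # (probe name, bytes sent, match lines tried against the reply)
    ("NULL", b"", [
        r"match ssh m|^SSH-([\d.]+)-OpenSSH_([\w.]+)| p/OpenSSH/ v/$2/ i/protocol $1/",
        r"match ftp m|^220[ -].*ProFTPD ([\w.]+)| p/ProFTPD/ v/$1/",
    ]),
    ("GetRequest", b"GET / HTTP/1.0\r\n\r\n", [
        r"match http m|^HTTP/1\.[01] \d{3} .*\r\nServer: ([^\r\n]+)\r\n|s p/$1/",
    ]),
]
MATCH_RE = re.compile(r"match (\S+) m(.)(.*?)\2([is]*)(?: (.*))?$")
FIELD_RE = re.compile(r"([pvi])/([^/]*)/")
FIELD_NAMES = {"p": "product", "v": "version", "i": "info"}

def parse_match(line):
    """Split one 'match' line into (service, compiled bytes regex, {field: template})."""
    service, _, pattern, flags, fields = MATCH_RE.match(line).groups()
    re_flags = (re.I if "i" in flags else 0) | (re.S if "s" in flags else 0)
    templates = {FIELD_NAMES[k]: v for k, v in FIELD_RE.findall(fields or "")}
    return service, re.compile(pattern.encode(), re_flags), templates

def fingerprint(reply, match_lines):
    """Return the first rule that matches the reply, with $N expanded to capture group N."""
    for line in match_lines:
        service, regex, templates = parse_match(line)
        m = regex.search(reply)
        if m:
            group = lambda g: m.group(int(g.group(1))).decode(errors="replace")
            return {"service": service, **{k: re.sub(r"\$(\d)", group, v) for k, v in templates.items()}}
    return None

def version_scan(responder):
    """Send probes in order (NULL first, as Nmap does) and stop at the first rule that matches."""
    for name, payload, match_lines in PROBES:
        result = fingerprint(responder(payload), match_lines)
        if result:
            return {"probe": name, **result}
    return {"probe": None, "service": "unknown"}

# Constructed responders standing in for real sockets, so this runs offline.
def fake_sshd(payload):
    return b"SSH-2.0-OpenSSH_5.8p1 Debian-1\r\n"  # SSH servers speak first, so the NULL probe suffices

def fake_httpd(payload):
    if not payload.startswith(b"GET "):
        return b""  # an HTTP server says nothing until asked, so the NULL probe sees no banner
    return b"HTTP/1.0 200 OK\r\nServer: Apache/1.3.29 (Unix)\r\nContent-Length: 0\r\n\r\n"
```

The unknown result for anything no rule matches is exactly the case Don's advice covers: the tool's answer is only as good as its rule set, and the raw reply is what you verify against.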

