Penetration Testing mailing list archives

Re: Nmap/netwag problem.


From: Kaj Huisman <kaj.huisman () gmail com>
Date: Wed, 10 Aug 2005 23:55:31 +0200

Pete Herzog wrote:
Kaj,


Anyway, a 'full connect' scan (one that performs the complete three-way
handshake) will _always_ (?) be the most reliable.
My suggestion is to perform either an nmap connect scan on the ports from
both results or to manually telnet to the ports and see the response.


I have to disagree with you here.  A full connect scan is not the most
reliable.  There are many security defensive processes now which require
proper protocol queries to provide a response. I see this very often
with web ports.  If you send anything other than an HTTP request, you
will not see a service behind the web port.

Uhm, before _any_ data gets sent, a full TCP handshake has taken place.
Thus a full connect scan will reliably report a port open if it is.
From the nmap man:
If the port is listening, connect() will succeed, otherwise the port isn't reachable.
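To show the point Kaj is making, here is an added example that is not part of the original thread and not nmap's code: a constructed local service that stays silent unless it receives an HTTP request (the kind of defensive front end Pete describes), and a plain connect() probe run against it. The probe reports the port open because the handshake completes inside connect() before any application data is exchanged; a port with no listener gets an RST and is reported closed. The helper names are my own.

```python
import socket
import threading

def start_silent_listener(host="127.0.0.1"):
    """Constructed stand-in for the defensive front end Pete describes: it
    completes the handshake but only answers a well-formed HTTP request."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))                       # port 0: the OS picks a free port
    srv.listen(5)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:                   # listener closed: thread exits
                return
            with conn:
                conn.settimeout(1.0)
                try:
                    req = conn.recv(1024)
                except socket.timeout:
                    req = b""
                if req.startswith(b"GET "):   # anything else gets silence
                    conn.sendall(b"HTTP/1.0 200 OK\r\nContent-Length: 2\r\n\r\nok")

    threading.Thread(target=serve, daemon=True).start()
    return srv, srv.getsockname()[1]

def connect_scan(host, port, timeout=1.0):
    """Full-connect probe: the kernel finishes the three-way handshake inside
    connect() before any data moves, so a silent service is still 'open'."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return "open"
        except ConnectionRefusedError:        # RST came back
            return "closed"
        except socket.timeout:                # nothing came back
            return "filtered"

def unused_port(host="127.0.0.1"):           # bind to port 0, release it
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as tmp:
        tmp.bind((host, 0))
        return tmp.getsockname()[1]

if __name__ == "__main__":
    srv, port = start_silent_listener()
    print(port, connect_scan("127.0.0.1", port))      # open
    print(connect_scan("127.0.0.1", unused_port()))   # closed
```

The 'filtered' result only appears when a packet filter drops the SYN without answering, which never happens on loopback; the two loopback cases here are the open-versus-closed distinction the thread is about.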

