Re: new NMAP re-tool(ing)

From: Don Parker (dparker@rigelksecurity.com)
Date: Mon Jul 05 2004 - 19:20:07 EDT


On a side note, I would not blindly rely on the output of nmap to give you the answers.
You should always check the actual packets themselves. That implies, though, that one has
the requisite knowledge of TCP/IP itself so as to interpret what you are getting back.

Not only that, but also watch what nmap itself is sending out. One should never
rely solely on a tool's output. It should always be verified. Nmap is not the end-all,
be-all of scanners. With a little knowledge of TCP/IP and, say, hping or nemesis, one can get
excellent results as well.

Cheers,

Don

-------------------------------------------
Don Parker, GCIA
Intrusion Detection Specialist
Rigel Kent Security & Advisory Services Inc
www.rigelksecurity.com
ph :613.233.HACK
fax:613.233.1788
toll: 1-877-777-H8CK
--------------------------------------------

On Jul 5, Martin Mačok <martin.macok@underground.cz> wrote:

On Mon, Jul 05, 2004 at 02:28:54AM -0700, Tyler Durden wrote:

> Version numbers by banner grabbing and such?

JFYI, Nmap has had "version scanning" since version 3.40. It is
implemented by different protocol probing and pattern matching
of eventual replies. It recognizes something around a thousand
different services by now (and BTW, a new release is about to come,
hopefully later this week).

For more, see http://www.insecure.org/nmap/versionscan.html

(Sorry if your question was not about Nmap itself but nwrap.pl ...)

Martin Mačok
IT Security Consultant
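
Added example, not part of the original thread: a small decoder for reading the raw reply to a SYN probe yourself, in the spirit of the advice above to check the actual packets rather than trust a scanner's summary. The packets are constructed samples with zeroed checksums, and all function names are illustrative.

```python
import struct

# TCP flag bits (RFC 793)
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

def parse_ipv4_tcp(pkt: bytes) -> dict:
    """Decode the IPv4 and TCP headers of a raw packet (no link-layer header)."""
    if len(pkt) < 20:
        raise ValueError("truncated IPv4 header")
    ihl = (pkt[0] & 0x0F) * 4              # IP header length in bytes
    if pkt[0] >> 4 != 4 or ihl < 20:
        raise ValueError("not a valid IPv4 header")
    if pkt[9] != 6:
        raise ValueError("not TCP (protocol %d)" % pkt[9])
    tcp = pkt[ihl:]
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_flags, window = struct.unpack("!HHIIHH", tcp[:16])
    return {"ttl": pkt[8], "sport": sport, "dport": dport, "seq": seq,
            "ack": ack, "flags": off_flags & 0x3F, "window": window}

def classify_syn_reply(reply: dict, probe_seq: int) -> str:
    """Interpret a reply to a SYN probe the way a half-open scan would."""
    flags = reply["flags"]
    # A genuine reply acknowledges probe_seq + 1 (modulo 2**32).
    if flags & ACK and reply["ack"] != (probe_seq + 1) & 0xFFFFFFFF:
        return "unrelated"
    if flags & RST:
        return "closed"
    if flags & SYN and flags & ACK:
        return "open"
    return "unexpected"

def build_sample(flags, sport, dport, seq, ack, ttl=64, window=5840) -> bytes:
    """Constructed IPv4+TCP packet for the demo (checksums left at zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, ttl, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 1]))
    tcp = struct.pack("!HHIIHHHH", sport, dport, seq, ack,
                      (5 << 12) | flags, window, 0, 0)
    return ip + tcp

if __name__ == "__main__":
    probe_seq = 1000
    for name, fl in (("SYN/ACK", SYN | ACK), ("RST/ACK", RST | ACK)):
        r = parse_ipv4_tcp(build_sample(fl, 80, 40000, 7, probe_seq + 1))
        print(name, "ttl", r["ttl"], "win", r["window"], "->",
              classify_syn_reply(r, probe_seq))
```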


