From: infosecgod@gmail.com
Date: Tue Dec 14 2004 - 15:57:09 EST
>Port scanning is only part of it. If you are using >manual or automated tools you still need to VERIFY that >the port number associated with the protocol is indeed >what it advertises to be. Nmap for instance blindly >accepts that port 22 is associated with SSH but it this >fact? You should always verify the port protocol to >ensure that this is the case.
This is true – however nmap offers the –sV flag which does a fairly good job of service enumeration
J/
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:11 EDT