Re: new NMAP re-tool(ing)

From: Don Parker (dparker_at_rigelksecurity.com)
Date: 07/06/04

  • Next message: Darren Webb: "RE: Raptor firewall 6.1 port 80"
    Date: Mon, 5 Jul 2004 19:20:07 -0400 (EDT)
    To: Martin Mačok <martin.ma***@underground.cz>, pen-test@securityfocus.com
    
    

    On a side note, I would not blindly rely on the output of nmap to give you the answers.
    You should always check the actual packets themselves. That infers though that one has
    the requisite knowledge of TCP/IP itself so as to interpret what you are getting back.

    Not only that but also to watch what nmap itself is also sending out. One should never
    solely rely on a tool's output. It should always be verified. Nmap is not the end all be
    all of scanners. With a little knowledge of TCP/IP and say hping or nemesis one can get
    excellent results as well.

    Cheers,

    Don

    -------------------------------------------
    Don Parker, GCIA
    Intrusion Detection Specialist
    Rigel Kent Security & Advisory Services Inc
    www.rigelksecurity.com
    ph :613.233.HACK
    fax:613.233.1788
    toll: 1-877-777-H8CK
    --------------------------------------------

    On Jul 5, Martin Mačok <martin.ma***@underground.cz> wrote:

    On Mon, Jul 05, 2004 at 02:28:54AM -0700, Tyler Durden wrote:

    > Version numbers by banner grabbing and such?

    JFYI, Nmap has "version scanning" since version 3.40. It is
    implemented by different protocol probing and pattern matching
    of eventual replies. It recognizes something around a thousand
    different services by now (and BTW, a new release is about to come
    hopefully later on this week).

    For more, see http://www.insecure.org/nmap/versionscan.html

    (Sorry if your question was not about Nmap itself but nwrap.pl ...)

    Martin Mačok
    IT Security Consultant
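
The following is an added example, not part of the thread and not Nmap's code or signature format. It sketches the "probe reply plus pattern matching" idea Martin describes and keeps the matched bytes as evidence, so the result can be checked against the captured packets as Don advises. The signature table, the reply bytes and the host name are constructed for illustration.

```python
import re

# Constructed signature table (hypothetical; not Nmap's database or syntax).
# Each entry: service name, bytes regex, version template ({1} = first group).
SIGNATURES = [
    ("ssh", re.compile(rb"^SSH-([\d.]+)-OpenSSH_([\w.]+)"),
     "OpenSSH {2} (protocol {1})"),
    ("smtp", re.compile(rb"^220 (\S+) ESMTP Postfix"),
     "Postfix smtpd on {1}"),
    ("http", re.compile(rb"^HTTP/1\.[01] \d{3} .*?\r\nServer: Apache/([\d.]+)", re.S),
     "Apache httpd {1}"),
]

# Constructed replies, keyed by port, as they might appear in a packet capture.
SAMPLE_REPLIES = {
    22: b"SSH-1.99-OpenSSH_3.8.1p1\r\n",
    25: b"220 mail.example.test ESMTP Postfix\r\n",
    80: b"HTTP/1.1 200 OK\r\nDate: Mon, 05 Jul 2004 23:20:07 GMT\r\n"
        b"Server: Apache/2.0.49 (Unix)\r\n\r\n",
    9999: b"\x00\x00\x00\x10binary-handshake",
}


def identify(reply: bytes) -> dict:
    """Match one captured reply against the signature table.

    A hit is only what the service claims about itself (banners are
    configurable), so the matched bytes are returned as evidence for
    comparison with the raw packets. A miss returns the start of the
    reply for manual inspection instead of a guess.
    """
    for service, pattern, template in SIGNATURES:
        m = pattern.search(reply)
        if m:
            groups = [g.decode("ascii", "replace") for g in m.groups()]
            # Pad position 0 so {1}, {2} line up with regex group numbers.
            version = template.format(None, *groups)
            return {"service": service, "version": version,
                    "evidence": m.group(0)}
    return {"service": "unknown", "version": None, "evidence": reply[:64]}


def scan_report(replies: dict) -> dict:
    """Identify every reply, keyed by port."""
    return {port: identify(data) for port, data in replies.items()}


if __name__ == "__main__":
    for port, result in sorted(scan_report(SAMPLE_REPLIES).items()):
        print(port, result["service"], result["version"], result["evidence"])
```
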

