RE: winMap vs nmapNT

From: Marc Maiffret (marc@eeye.com)
Date: 07/26/01

• Previous message: Googi Singha: "Re: Comparative Analysis of Web Servers"
• In reply to: Ivan: "winMap vs nmapNT"
• Next in thread: Surt@HammerofGod.com: "Re: winMap vs nmapNT"
• Next in thread: Frank Knobbe: "RE: winMap vs nmapNT"
• Reply: Surt@HammerofGod.com: "Re: winMap vs nmapNT"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

From: "Marc Maiffret" <marc@eeye.com>
To: "Ivan" <ivan@incode.com.au>, <focus-ids@securityfocus.com>, <SECURITY-BASICS@securityfocus.com>, <focus-ms@securityfocus.com>
Subject: RE: winMap vs nmapNT
Date: Thu, 26 Jul 2001 10:22:26 -0700
Message-ID: <EIEOJCKGEPCLJHGCNNOPGENNEDAA.marc@eeye.com>

winmap is a connect() port scanner like the billion and one other ones out
there.

nmapNT is a port of nmap (the best freeware scanner) and so it has SYN
scanning and a lot of other stuff.

Also from the winmap page it says "Q: Why can't I use the SYN scan feature?
A: Presently the only known working platform for SYN scan is Windows
2000(tm). Some third-party windows socket implementations may work, but this
is yet to be confirmed. Windows 2000(tm) is a great improvement over all
previous Windows(tm) versions, so an upgrade is recommended. "

That is actually not correct... you can do SYN scanning from all versions of
windows.

Signed,
Marc Maiffret
Chief Hacking Officer
eEye Digital Security
T.949.349.9062
F.949.349.9538
http://eEye.com/Retina - Network Security Scanner
http://eEye.com/Iris - Network Traffic Analyzer
http://eEye.com/SecureIIS - Stop known and unknown IIS vulnerabilities

|-----Original Message-----
|From: Ivan [mailto:ivan@incode.com.au]
|Sent: Wednesday, July 25, 2001 5:01 PM
|To: focus-ids@securityfocus.com; SECURITY-BASICS@securityfocus.com;
|focus-ms@securityfocus.com
|Subject: winMap vs nmapNT
|
|
|Hi all,
| I started looking at winMap yesterday and
|http://labs.defcom.com/releases/winmap/
|
|did some comparison scanning vs nmapNT.
|winMap is quick, I would say that would be the only difference as they both
|found the same services on the targets. Not sure what the
|difference is when
|it comes to IDS such as snort picking the scans up?
|
|Anyone else had a play with it?
|
|Ivan
|
|

---

• Previous message: Googi Singha: "Re: Comparative Analysis of Web Servers"
• In reply to: Ivan: "winMap vs nmapNT"
• Next in thread: Surt@HammerofGod.com: "Re: winMap vs nmapNT"
• Next in thread: Frank Knobbe: "RE: winMap vs nmapNT"
• Reply: Surt@HammerofGod.com: "Re: winMap vs nmapNT"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages RE: winMap vs nmapNT ... Subject: winMap vs nmapNT ... nmapNT is a port of nmap (the best freeware scanner) and so it has SYN ... Presently the only known working platform for SYN scan is Windows ... (Focus-Microsoft) Re: winMap vs nmapNT ... Subject: winMap vs nmapNT ... > nmapNT is a port of nmap and so it has SYN ... Presently the only known working platform for SYN scan is Windows ... (Security-Basics) RE: winMap vs nmapNT ... Subject: winMap vs nmapNT ... > did some comparison scanning vs nmapNT. ... No, but from what the description says, it uses Windows sockets. ... Version: PGP Personal Privacy 6.5.8 ... (Security-Basics) RE: winMap vs nmapNT ... Subject: winMap vs nmapNT ... This looks qite cool - i've had a play with it & seems just the same as ... COLT Telecommunications ... (Security-Basics)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(12)