Re: winMap vs nmapNT

From: Surt@HammerofGod.com
Date: 07/27/01


From: Surt@HammerofGod.com
To: focus-ms@securityfocus.com, focus-ids@securityfocus.com, SECURITY-BASICS@securityfocus.com
Message-ID: <01c301c11639$84facb20$9e1ac0d1@holler>
Subject: Re: winMap vs nmapNT
Date: Thu, 26 Jul 2001 21:14:44 -0400

Ivan,

You forgot to mention fscan. I think this is the most stable of the bunch.

As far as half-scans, stick with nmap *nix. But honestly, any IDS worth
anything will get that quick. If you need to be stealthy, then you need to
specify the time out between connections. Space them WAY out. Port by
port, day by day... patience is a virtue. And in this case so are stable
port scanners.

--Surt

****************************
use Muspell
select King from Fire_Giants
where HammerofGod = 1
AND xtype IN ('Good','Evil')

------------------------------------------------------------
Surt

(1 row(s) affected)

----- Original Message -----
From: "Marc Maiffret" <marc@eeye.com>
To: "Ivan" <ivan@incode.com.au>; <focus-ids@securityfocus.com>;
<SECURITY-BASICS@securityfocus.com>; <focus-ms@securityfocus.com>
Sent: Thursday, July 26, 2001 1:22 PM
Subject: RE: winMap vs nmapNT

> winmap is a connect() port scanner like the billion and one other ones out
> there.
>
> nmapNT is a port of nmap (the best freeware scanner) and so it has SYN
> scanning and a lot of other stuff.
>
> Also from the winmap page it says "Q: Why can't I use the SYN scan feature?
> A: Presently the only known working platform for SYN scan is Windows
> 2000(tm). Some third-party windows socket implementations may work, but this
> is yet to be confirmed. Windows 2000(tm) is a great improvement over all
> previous Windows(tm) versions, so an upgrade is recommended. "
>
> That is actually not correct... you can do SYN scanning from all versions of
> windows.
>
> Signed,
> Marc Maiffret
> Chief Hacking Officer
> eEye Digital Security
> T.949.349.9062
> F.949.349.9538
> http://eEye.com/Retina - Network Security Scanner
> http://eEye.com/Iris - Network Traffic Analyzer
> http://eEye.com/SecureIIS - Stop known and unknown IIS vulnerabilities
>
> |-----Original Message-----
> |From: Ivan [mailto:ivan@incode.com.au]
> |Sent: Wednesday, July 25, 2001 5:01 PM
> |To: focus-ids@securityfocus.com; SECURITY-BASICS@securityfocus.com;
> |focus-ms@securityfocus.com
> |Subject: winMap vs nmapNT
> |
> |
> |Hi all,
> | I started looking at winMap yesterday and
> |http://labs.defcom.com/releases/winmap/
> |
> |did some comparison scanning vs nmapNT.
> |winMap is quick, I would say that would be the only difference as they both
> |found the same services on the targets. Not sure what the difference is when
> |it comes to IDS such as snort picking the scans up?
> |
> |Anyone else had a play with it?
> |
> |Ivan
> |
> |
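
An added example, not part of the original thread: the thread's question of how an IDS picks up scans, shown from the detection side. A short-window burst rule is compared with a long-retention rule that counts distinct destination ports per source; the event tuples, addresses and thresholds are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample events: (epoch_seconds, source_ip, dest_port) for inbound
# connection attempts (SYN or full connect) seen by one monitored host.
DAY = 86400
FAST = [(1000 + i, "192.0.2.10", 20 + i) for i in range(30)]         # 30 ports in 30 s
SLOW = [(i * DAY + 500, "198.51.100.7", 20 + i) for i in range(30)]  # one port per day
NORMAL = [(i * 3600, "203.0.113.5", 443) for i in range(200)]        # repeat client, one port
EVENTS = sorted(FAST + SLOW + NORMAL)


def windowed_scanners(events, window, min_ports):
    """Sources that touched >= min_ports distinct ports within `window` seconds."""
    by_src = defaultdict(list)
    for ts, src, port in sorted(events):
        by_src[src].append((ts, port))
    flagged = set()
    for src, hits in by_src.items():
        start = 0
        counts = defaultdict(int)  # port -> hits currently inside the window
        for ts, port in hits:
            counts[port] += 1
            # Slide the left edge so the window spans at most `window` seconds.
            while hits[start][0] < ts - window:
                old = hits[start][1]
                counts[old] -= 1
                if counts[old] == 0:
                    del counts[old]
                start += 1
            if len(counts) >= min_ports:
                flagged.add(src)
                break
    return flagged


def short_window(events):
    # Assumed burst rule: 15 distinct ports within 60 seconds.
    return windowed_scanners(events, window=60, min_ports=15)


def long_window(events):
    # Assumed slow-scan rule: 15 distinct ports within 30 days of retained history.
    return windowed_scanners(events, window=30 * DAY, min_ports=15)


if __name__ == "__main__":
    print("60 s rule:", sorted(short_window(EVENTS)))
    print("30 d rule:", sorted(long_window(EVENTS)))
```

The burst rule flags only the fast source, while the long-retention rule also flags the one-port-per-day source and still ignores the repeat client on a single port.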


