Re: help interpreting the nmap output
miguel.dilaj_at_pharma.novartis.com
Date: 12/17/04
- Previous message: Kelly Martin: "SF new column announcement: Zero Viruses In 2005?"
- Maybe in reply to: Ivan Fratric: "help interpreting the nmap output"
- Next in thread: Harshul Nayak: "RE: help interpreting the nmap output"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: security-basics@securityfocus.com
Date: Fri, 17 Dec 2004 09:37:57 +0100
Hi Ivan,
Good! Yes, you guessed correctly; it seems that Apache was set up to show
only its name.
For other ports, like services that don't have a text banner, you've 2
very nice options:
a) use the -sV option in nmap. Read The Fine Manual, and also the article
at http://www.insecure.org/nmap/versionscan.html
Take into account that this is not stealth (like -sS), it establishes the
full TCP connection.
Be sure to use the latest nmap; this option is quite new (>=3.45).
There's also a good article by Brian Hatch at InfoSec News:
http://lists.virus.org/isn-0310/msg00030.html
b) use amap (http://www.thc.org/releases.php)
Amap is a next-generation scanning tool, which identifies applications and
services even if they are not listening on the default port by creating a
bogus communication and analyzing the responses. Changes: more
identifications, SSL bugfix. Voted into the top-50 security tool list!
There're other tools out there to do the identification, Nessus for
example can do some detection, but the 2 tools above are the preferred
ones by most people (in my case: plain nmap, but I recognize the merits of
amap as well).
Cheers,
Miguel Dilaj (Nekromancer)
Vice-President of IT Security Research, OISSG
"Ivan Fratric" <hacky_2001@hotmail.com>
16/12/2004 19:57
To: Miguel Dilaj/PH/Novartis@PH, security-basics@securityfocus.com
cc:
Subject: Re: help interpreting the nmap output
Thanks for the reply. I tried using netcat, and I get the following:
nc -vv xxx.xxx.xxx.xxx 80
xxxxxxxxxxxx.com [xxx.xxx.xxx.xxx] 80 (http) open
HEAD / HTTP/1.1
Host: www.xxxxxxxxxxx.com
HTTP/1.1 200 OK
Date: Thu, 16 Dec 2004 19:41:45 GMT
Server: Apache
Content-Type: text/html; charset=iso-8859-1
So I guess Apache is configured not to show its version? When I try
using netcat on the other mentioned ports I get something like:
nc -vv xxx.xxx.xxx.xxx 23
xxxxxxxxxxxx.com [xxx.xxx.xxx.xxx] 23 (telnet) open
sent 0, rcvd 0: NOTSOCK
Is there anything else that can be done regarding the ports giving output
like this?
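As an added offline illustration (not part of this thread, and not nmap's or amap's own code): a small Python classifier that does what a version probe does with the bytes a port sends back, matching the response against known protocol shapes instead of expecting a readable text banner. The sample responses are constructed here; the HTTP one mirrors the headers quoted above, and the telnet one is the IAC option negotiation a telnet daemon typically sends on connect, which is why such a port yields no text for a plain netcat read.

```python
import re

# Constructed sample responses for this example; not captured from the hosts in the thread.
HTTP_MINIMAL = (
    b"HTTP/1.1 200 OK\r\n"
    b"Date: Thu, 16 Dec 2004 19:41:45 GMT\r\n"
    b"Server: Apache\r\n"
    b"Content-Type: text/html; charset=iso-8859-1\r\n\r\n"
)
HTTP_VERBOSE = b"HTTP/1.1 200 OK\r\nServer: Apache/1.3.29 (Unix) PHP/4.3.4\r\n\r\n"
# IAC DO TERMINAL-TYPE, IAC DO TSPEED, IAC DO XDISPLOC, IAC DO NEW-ENVIRON
TELNET_GREETING = b"\xff\xfd\x18\xff\xfd\x20\xff\xfd\x23\xff\xfd\x27"
SILENT = b""  # a service that waits for the client to speak first

IAC, WILL, WONT, DO, DONT = 0xFF, 0xFB, 0xFC, 0xFD, 0xFE


def classify_response(data: bytes) -> dict:
    """Identify a service from its first bytes, the way a version probe matches signatures."""
    if not data:
        # Nothing volunteered: only an active, protocol-specific probe can tell more.
        return {"service": "unknown", "detail": "no banner; needs an active probe"}

    if data.startswith(b"HTTP/"):
        head = data.split(b"\r\n\r\n", 1)[0].decode("latin-1")
        server = next(
            (h.split(":", 1)[1].strip() for h in head.split("\r\n")
             if h.lower().startswith("server:")),
            None,
        )
        if server is None:
            return {"service": "http", "server": None, "version_exposed": False}
        # "Apache/1.3.29" exposes a version; a bare "Apache" does not.
        exposed = bool(re.search(r"/\d", server))
        return {"service": "http", "server": server, "version_exposed": exposed}

    if len(data) >= 3 and data[0] == IAC and data[1] in (WILL, WONT, DO, DONT):
        # Telnet negotiation is a run of 3-byte IAC <verb> <option> commands.
        opts = [data[i + 2] for i in range(0, len(data) - 2, 3) if data[i] == IAC]
        return {"service": "telnet", "detail": f"IAC negotiation for options {opts}"}

    return {"service": "unknown", "detail": f"unrecognised {len(data)}-byte banner"}
```

The `version_exposed` flag is the check to run against your own hosts after hardening the banner (for Apache, the ServerTokens directive), to confirm that only the product name is returned.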