Re: [ISN] Nmap Version Detection Rocks

From: InfoSec News (isn@private)
Date: Wed Oct 15 2003 - 01:21:10 PDT


    Forwarded from: Fyodor <fyodor@private>
    
    On Tue, Oct 14, 2003 at 07:23:03AM -0500, InfoSec News wrote:
    > Forwarded from: Dragos Ruiu <dr@private>
    > [...] 
    > Just a nit, but the -sV scan was first available in nmap 2.53 not
    > 3.45. Up until 3.45 it was a secondary patch that needed to be
    > applied.
    > 
    > [...]
    > 
    > It has just been finally recoded into C from C++ and put in the main
    > distribution. It has been improved a little and yes it is still cool.
    
    Actually these are two completely separate projects for adding version
    detection to Nmap.  As you mentioned, Saurik's +V patch has been
    available for years and has proven itself quite useful on many
    occasions.  It is probably the most popular external Nmap patch ever -
    mad props to Saurik!  Yet I never added it to Nmap due to concerns
    about performance and maintainability.  In addition to desiring
    parallelism and discrete signatures, I wanted to add support for UDP,
    IPv6, and cool features such as SSL-scanthrough.  So I wrote the Nmap
    version detection engine (and the signature database) from scratch. 
    My paper describing the system is available at
    http://www.insecure.org/nmap/versionscan.html .
    
    Cheers,
    Fyodor
    http://www.insecure.org
    
    
    
    


