Nmap -- looking from the outside in
Like any tool, portscanners can be used for multiple purposes. Running one against your own system to see what holes there are is fine. But running one against someone else's box is usually seen as an attack, or the preliminary to one.
What is nmap and what can it do?
Nmap was the source of strange new scan patterns that started being detected by the SHADOW ID Systems located throughout the Internet. The reported traffic varies from incident to incident. However, it can generally be categorized into two distinct groups.
A practical approach for defeating Nmap OS-Fingerprinting
The purpose of this paper is to try to enumerate and briefly describe all applications and techniques deployed for defeating Nmap OS fingerprinting, but in any case, security by obscurity is not a good approach.
Remote OS detection via TCP/IP Stack FingerPrinting
While Nmap has supported OS detection since 1998, this article describes the 2nd generation system which debuted in 2006. When exploring a network for security auditing or inventory/administration, you usually want to know more than the bare IP addresses of identified machines. Your reaction to discovering a printer may be very different from your reaction to finding a router, wireless access point, telephone PBX, game console, Windows desktop, or UNIX server. Finer-grained detection (such as distinguishing Mac OS X 10.4 from 10.3) is useful for determining vulnerability to specific flaws and for tailoring effective exploits for those vulnerabilities.
Nmap Version Scanning
Even if Nmap is right, and the hypothetical server above is running SMTP, HTTP, and DNS servers, that is not a lot of information. When doing vulnerability assessments of your company or clients, you really want to know which mail and DNS servers are running, as well as the version number if possible. Having an accurate version number helps dramatically in determining which exploits a server is vulnerable to.