
An Introduction To Security

20 years 5 months ago #1633 by tfs
Replied by tfs on topic Re: An Introduction To Security
You may be right, but the new version 3.48 was just released - date of 10/6/03 (I believe). This may be a better version. Haven't actually loaded it yet.

I wasn't having any problems with 1.3.1, myself.

Thanks,

Tom
20 years 5 months ago #1637 by sahirh
Yeah, 3.48 is new.. I recommend you get it because I don't think 3.00 has version scanning which is really becoming the most kick ass feature. It will tell you exactly what is running on a particular port.. for example IIS/4.0, Apache 1.3.27 etc etc and it does this not by grabbing banners but by maintaining a fingerprint database of known responses! And when you find a service that it doesn't recognise you can submit the fingerprint to the database.

The new version will most likely have the newest submitted fingerprints. I actually submitted a fingerprint the other day for an Ascend Router telnet server.

Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com
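
The response-matching idea described in the post above, as an added example that is not part of the thread and not nmap's own code or database format: a reply to a probe is compared against stored signatures, and a reply that matches nothing is kept in escaped form so it can be submitted. The signature entries, sample replies and function names are all constructed for illustration.

```python
import re

# Constructed signature database: (service, product, pattern over the raw
# reply to a probe). Entries are illustrative, not taken from nmap's files.
SIGNATURES = [
    ("http", "Apache httpd", re.compile(
        rb"^HTTP/1\.[01] \d{3} [^\r\n]*\r\nDate: [^\r\n]*\r\nServer: Apache/([\d.]+)")),
    ("http", "Microsoft IIS", re.compile(
        rb"^HTTP/1\.[01] \d{3} [^\r\n]*\r\nServer: Microsoft-IIS/([\d.]+)")),
    # No textual banner at all: the telnet option negotiation bytes
    # (IAC WILL ECHO, IAC WILL SUPPRESS-GO-AHEAD) identify the protocol.
    ("telnet", "generic telnetd", re.compile(rb"^\xff\xfb\x01\xff\xfb\x03")),
]

# Constructed sample replies.
APACHE_REPLY = (b"HTTP/1.1 400 Bad Request\r\n"
                b"Date: Thu, 06 Nov 2003 03:36:00 GMT\r\n"
                b"Server: Apache/1.3.27 (Unix)\r\n\r\n")
TELNET_REPLY = b"\xff\xfb\x01\xff\xfb\x03\r\nlogin: "
UNKNOWN_REPLY = b"\x00\x01READY\r\n"


def escape(reply: bytes, limit: int = 64) -> str:
    """Render a raw reply as printable text, using \\xNN for other bytes."""
    return "".join(chr(b) if 32 <= b < 127 and b != 0x5C else f"\\x{b:02x}"
                   for b in reply[:limit])


def identify(reply: bytes) -> dict:
    """Match a service's reply against the database; the first hit wins."""
    for service, product, pattern in SIGNATURES:
        m = pattern.search(reply)
        if m:
            version = m.group(1).decode() if m.groups() else None
            return {"service": service, "product": product, "version": version}
    # Nothing matched: keep the escaped reply so it can be reported and
    # turned into a new signature.
    return {"service": "unknown", "fingerprint": escape(reply)}


if __name__ == "__main__":
    for sample in (APACHE_REPLY, TELNET_REPLY, UNKNOWN_REPLY):
        print(identify(sample))
```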
20 years 5 months ago #1641 by tfs
Replied by tfs on topic Re: An Introduction To Security
I'll have to load it tomorrow or the next day and look at it.

Thanks,

Tom
20 years 5 months ago #1667 by sahirh
Here's my holiday snapshot of version scanning at work, this is 3.45 running under Windows XP with winpcap 2.3

[code:1]
C:\WINDOWS>nmap -sS -sV -O -F -v 192.168.6.128

Starting nmap 3.45 ( http://www.insecure.org/nmap ) at 2003-11-06 03:36 India Standard Time
Host 192.168.6.128 appears to be up ... good.
Initiating SYN Stealth Scan against 192.168.6.128 at 03:36
Adding open port 6000/tcp
Adding open port 111/tcp
Adding open port 1024/tcp
The SYN Stealth Scan took 3 seconds to scan 1211 ports.
Initiating service scan against 3 services on 1 host at 03:36
The service scan took 10 seconds to scan 3 services on 1 host.
Initiating RPCGrind Scan against 192.168.6.128 at 03:36
The RPCGrind Scan took 1 second to scan 2 ports.
For OSScan assuming that port 111 is open and port 1 is closed and neither are firewalled
Interesting ports on 192.168.6.128:
(The 1208 ports scanned but not shown below are in state: closed)
PORT     STATE SERVICE VERSION
111/tcp  open  rpcbind 2 (rpc #100000)
1024/tcp open  status  1 (rpc #100024)
6000/tcp open  X11     (access denied)
Device type: PDA
Running: Linux 2.4.X
OS details: Linux 2.4.6 as on Sharp Zaurus PDA
Uptime 0.006 days (since Thu Nov 06 03:28:18 2003)
TCP Sequence Prediction: Class=random positive increments
Difficulty=2438573 (Good luck!)
IPID Sequence Generation: All zeros

Nmap run completed -- 1 IP address (1 host up) scanned in 29.583 seconds

C:\WINDOWS>[/code:1]

It identified the vmware linux box as on a PDA, which was weird.. maybe the new fingerprints will help. But how's that for accuracy, the kernel is 2.4.21, and the uptime is perfect! I can't believe people call this just a portscanner!

Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com
20 years 5 months ago #1669 by tfs
Replied by tfs on topic Re: An Introduction To Security
But does the GUI work well or look better? You said you didn't like the 1.3.1 GUI.

Thanks,

Tom
20 years 5 months ago #1819 by Maskkkk
Yeah thanks, but do you guys have some kinda FAQWiki you can post it in? So we can have some giant conglomeration of Network FAQs?


- A Man is not an island...that's why we have forums!