Nmap Gets Version Detection
Anonymous Coward writes "Up until now, everyone's favorite port scanner, nmap, has had decent OS detection (through TCP fingerprinting) and service identification based on the open port, but the latest version, 3.45 released today, has version detection for each service! This means not only can nmap tell you that httpd is running on port 80, but that it is `apache httpd version 2.0.39`! While this is a little bit worrisome because of what malicious purposes people might use nmap's version detection for, this should make the jobs of admins everywhere easier and keep us all more on our toes when it comes to security. Fyodor has also published a paper on how the version detection works."
If you plan your network security through obscurity...that's asking for trouble.
If you hope nobody can hack you or cause any problems with your servers because you assume they don't know what you are running...that is a problem.
How about being accountable, upgrading and securing your system, instead of being alarmed that "suddenly" (like they couldn't before) people can see specifically what you are running.
Hats off to nmap...first matrix reloaded, now a drastic improvement! Who knows, matrix revolutions may be sporting a new nmap!
[I can picture a world without war, without hate. I can picture us attacking that world, because they'd never expect it]
Security through obscurity never worked that much, will work much worse now. However, I do not see worms using such tools to propagate better. Worms just try to infect everyone and do not care about being glued in honeypots.
While this is a little bit worrisome because of what malicious purposes people might use nmap's version detection for [...]
By the same logic, one might consider it "worrisome" that there even exist software packages like "Nessus" and "Saint".
Adding features such as version detection to a tool that can be used for both good and bad purposes shouldn't be considered "worrisome". It is just something that makes the tool better, for good and for bad. And unless we are talking about software which by design always causes destructive damage when used, I will always consider it a good thing that there are such excellent security auditing tools available to the public. With all respect, sorry to hear that someone finds this "worrisome".
When you have to keep track of many different servers of different OSes, sometimes you forget things, or stuff that you thought you turned off you find out you didn't. It happens to the best of us.
It's the first thing I always do when I put a new server on the network. It never hurts to do a double-check to make sure that your servers are behaving the way that you think they are. Just like it doesn't hurt to reboot a Linux box periodically to make sure that all your startup scripts work as expected in case of a power outage or whatever.
-Through the server, over the router, off the firewall... Nothing but 'Net!
When you support 10,000 servers and 30,000 desktops
There's no way to support this many machines alone. It's simply an impossible workload. As for making the lives of SKs easier, yep, it'll help em target machines, no doubt about it. There's a positive though, at least this tool is public and we're all aware of it now. It's the tools I don't know about that worry me.
Good people do not need laws to tell them to act responsibly, while bad people will find a way around the laws-Plato
the kids just run scripts. no one cares about what OS you are running much less what versions.
how many lines in your apache logs look like this ?
"GET /scripts/root.exe?/c+dir HTTP/1.0" 404 284
"GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 282
"GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 292
"GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 292
"GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 306
"GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 323
24.91.103.152 "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 323
24.91.103.152 "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 339
24.91.103.152 "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 305
??
Sanity is the trademark of a weak mind. -- Mark Harrold
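
An added example, not part of the thread or of nmap: a small Python filter that flags the kind of scripted probes quoted in the last comment and separates the ones that did not get a 404. The log below is constructed (client addresses, timestamps and the benign `/docs/cmd.exe.html` line are made up), and the rule names are this example's own.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Constructed sample, Apache common log format; only the probe paths come from the thread.
SAMPLE_LOG = """\
192.0.2.10 - - [18/Sep/2003:10:00:01 +0000] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 284
192.0.2.10 - - [18/Sep/2003:10:00:02 +0000] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 306
192.0.2.10 - - [18/Sep/2003:10:00:03 +0000] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 305
198.51.100.7 - - [18/Sep/2003:10:00:04 +0000] "GET /docs/cmd.exe.html HTTP/1.0" 200 512
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "\S+ (\S+)[^"]*" (\d{3}) ')
DOUBLE_ENC = re.compile(r"%25[0-9a-f]{2}", re.I)        # %255c -> %5c -> "\"
INVALID_UTF8 = re.compile(r"%c[01]%[0-9a-f]{2}", re.I)  # 0xC0/0xC1 never start valid UTF-8
SHELL_BIN = re.compile(r"/(?:cmd|root)\.exe$", re.I)

def classify(target):
    """Return the set of rule names that a request target triggers."""
    path = target.split("?", 1)[0]
    decoded = unquote(unquote(path))  # decode twice to see through double encoding
    checks = {
        "double-encoding": DOUBLE_ENC.search(path),
        "invalid-utf8": INVALID_UTF8.search(path),
        "traversal": "../" in decoded or "..\\" in decoded,
        "shell-binary": SHELL_BIN.search(decoded),
    }
    return {name for name, hit in checks.items() if hit}

def scan(log_text):
    """Map client address -> list of (target, status, rules) for flagged requests."""
    report = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a common-log-format line
        client, target, status = m.group(1), m.group(2), int(m.group(3))
        rules = classify(target)
        if rules:
            report[client].append((target, status, sorted(rules)))
    return dict(report)

def served(report):
    """Flagged requests answered with anything other than 404; review these first."""
    return [(c, t) for c, reqs in report.items() for t, s, _ in reqs if s != 404]

if __name__ == "__main__":
    for client, reqs in scan(SAMPLE_LOG).items():
        print(client, len(reqs), "flagged request(s)")
```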