[ale] nmap scans

Jonathan Feldman Jonathan at chathamcounty.org
Thu Dec 14 11:55:28 EST 2000


Greetings, Martin!

If I understand your question correctly, you are looking to correlate open ports on your system to a process id, right?  

The answer is, (for Unix/Linux anyway) use "lsof", which lists open file handles and corresponding PIDs (where file handles also includes sockets).  Naturally, you need to do this on the local system; I'm not aware of any remote mechanism to do this.

When you say "degree of difficulty," you mean the sequence number guessing?  My opinion is, "trivial" is not a good thing for any server (you're going to get this on all of your Win9x boxen).  I'm not sure how to fix NT... 2000 does a little better than NT ("worthy challenge," at 8447); RedHat is "Good luck!" at 1227910; Slackware 7.1 is also "Good Luck!" at 4137041.

Any OS worth its salt nowadays has a very high difficulty factor.  I am sort of surprised that Win2K is not totally random.  It's not as if MS didn't see this sort of thing coming.


--Jonathan
Jonathan Feldman
Chief Technical Manager, Chatham County ICS http://chathamcounty.org
Contributing Editor, Network Computing Magazine http://nwc.com
"Teach Yourself Network Troubleshooting"
"Network+ Exam Guide" http://feldman.org


>>> Martin Nichols <mnichol at webentrada.com> 12/14 10:10 AM >>>
Good Morning,
I read an email the other day from this list about nmap scans. How do you
identify which process is controlling a specific port? Also when the scan
returns a degree of difficulty I understand the higher the better but is there
an "acceptable" range a sys admin should shoot for? I realize this is just an
opinion but all opinions are welcome.
Thank You,
Marty 




 
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         
--
To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.





More information about the Ale mailing list