[ale] nmap scans
Jonathan Feldman
Jonathan at chathamcounty.org
Thu Dec 14 11:55:28 EST 2000
Greetings, Martin!
If I understand your question correctly, you are looking to correlate open ports on your system to a process id, right?
The answer is, (for Unix/Linux anyway) use "lsof", which lists open file handles and corresponding PIDs (where file handles also includes sockets). Naturally, you need to do this on the local system; I'm not aware of any remote mechanism to do this.
When you say "degree of difficulty," you mean the sequence number guessing? My opinion is, "trivial" is not a good thing for any server (you're going to get this on all of your Win9x boxen). I'm not sure how to fix NT... 2000 does a little better than NT ("worthy challenge," at 8447); RedHat is "Good luck!" at 1227910; Slackware 7.1 is also "Good Luck!" at 4137041.
Any OS worth its salt nowadays has a very high difficulty factor. I am sort of surprised that Win2K is not totally random. It's not as if MS didn't see this sort of thing coming.
--Jonathan
Jonathan Feldman
Chief Technical Manager, Chatham County ICS http://chathamcounty.org
Contributing Editor, Network Computing Magazine http://nwc.com
"Teach Yourself Network Troubleshooting"
"Network+ Exam Guide" http://feldman.org
>>> Martin Nichols <mnichol at webentrada.com> 12/14 10:10 AM >>>
Good Morning,
I read an email the other day from this list about nmap scans. How do you
identify which process is controlling a specific port? Also when the scan
returns a degree of difficulty I understand the higher the better but is there
an "acceptable" range a sys admin should shoot for? I realize this is just an
opinion but all opinions are welcome.
Thank You,
Marty
--
To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.
More information about the Ale
mailing list