+++ Alexei Roudnev [22/01/04 09:05 -0800]:
> My results vary from 15 minutes to 1 hour.

Mine too. So nmap sucks if you want to quickly identify daemons running on strange ports. No big deal. This discussion wasn't about nmap to start with. The point of the discussion was whether it made sense to run services on non-standard ports to deter cr4x0rs. And I feel it doesn't.

However: nmap can be tweaked, if you want to operate with an axe. The default timeout per port is 5 seconds. You could shorten that. You could pre-scan networks, to find only interesting ports, and version-scan those. You could scan large subnets in parallel. You could re-write parts of it, or start from scratch. As long as a sshd yells "SSH-1.99" at you the moment you connect to its port there's no hiding sshd.

A well-tuned iptables or equivalent, on the other hand, might hide the presence of daemons completely for anyone except the designated users. How is that for obscurity? Unless you're coming from one of a very few permissible hosts, and connect to a specific IP on the machine, you will get a normal RST, and think the port is unused. Even H4x0rsc4n Pr0 won't tell you that port is actually a way in, unless you happen to scan it from the right machine.

-- 
Ruben van der Leij
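The iptables approach described in the message above, written out as an added example (it is not code from the thread or from any of its participants). The shell function emits an iptables-restore fragment that lets only a short list of source hosts reach the daemon on one specific address and port, and answers everyone else with a TCP RST, the same reply a closed port gives, so a scanner reports "closed" rather than "filtered". The service address, port and permitted hosts are constructed values from the RFC 5737 documentation ranges; nothing is loaded into the kernel unless you pipe the output into iptables-restore yourself.

```shell
#!/bin/sh
# Added example, not from the original thread: hide a daemon behind iptables so
# that only a few permitted source hosts can tell the port is open.
# Constructed values: service IP 192.0.2.10, port 22, allowed 198.51.100.5/.6.

# gen_hidden_service_rules DST_IP DST_PORT ALLOWED_HOST...
# Prints an iptables-restore fragment for the filter table to stdout.
gen_hidden_service_rules() {
    dst_ip=$1
    dst_port=$2
    shift 2
    echo '*filter'
    # Permitted sources reach the daemon normally.
    for src in "$@"; do
        echo "-A INPUT -p tcp -s $src -d $dst_ip --dport $dst_port -j ACCEPT"
    done
    # Everyone else gets the RST a closed port would send, so the port looks
    # unused. (-j DROP would make the port show up as "filtered", which already
    # tells a scanner that something there is being protected.)
    echo "-A INPUT -p tcp -d $dst_ip --dport $dst_port -j REJECT --reject-with tcp-reset"
    echo 'COMMIT'
}

# Show the generated ruleset for the constructed example.
gen_hidden_service_rules 192.0.2.10 22 198.51.100.5 198.51.100.6

# To load it for real (root required), append it without flushing existing rules:
#   gen_hidden_service_rules 192.0.2.10 22 198.51.100.5 198.51.100.6 | iptables-restore --noflush
```

Order matters: the ACCEPT rules for the permitted hosts must precede the REJECT rule, because iptables takes the first matching rule in the chain. If the daemon is also bound on other addresses of the machine, add the same pair of rules for each, or bind it to the one address only.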