Hello, Saturday, May 18, 2002, 7:17:43 PM, you wrote: RD> On Sat, 18 May 2002, Scott Francis wrote:
And why, pray tell, would some unknown and unaffiliated person be scanning my network to gather information or run recon if they were not planning on attacking? I'm not saying that you're not right, I'm just saying that so far I have heard no valid non-attack reasons for portscans (other than those run by network admins against their own networks).
RD> I often like to know if a particular web server is running Unix or RD> Winblows. A port scanner is a useful tool in making that determination. [allan@ns1 phpdig]$ telnet www.istop.com 80 Trying 216.187.106.194... Connected to dci.doncaster.on.ca (216.187.106.194). Escape character is '^]'. HEAD / HTTP/1.0 HTTP/1.1 200 OK Date: Sun, 19 May 2002 01:47:57 GMT Server: Apache/1.3.22 (Unix) FrontPage/4.0.4.3 PHP/4.1.2 mod_fastcgi/2.2.8 Last-Modified: Sat, 18 May 2002 06:05:35 GMT ETag: "68807-9ff5-3ce5ef2f" Accept-Ranges: bytes Content-Length: 40949 Connection: close Content-Type: text/html Connection closed by foreign host. (make sure you hit [Enter] twice after the "HEAD / HTTP/1.0"). Gets you all of the information you need, and you don't have to do a portscan. I have a perl script that automates the task if you would like it, let me know. allan -- allan allan@allan.org http://www.allan.org