Re: Question concerning how nessus works when services are not running on their standard ports
On Wed, 25 Feb 2004, Ashutosh Naik wrote:
> Say, I run both http and smtp on port 80,
You cannot do it because HTTP is "client speaks first" while SMTP is
"server speaks first". (Well, you could do it if your server waited for an
HTTP request for some reasonably short time and switched to SMTP mode and
sent SMTP hello afterwards. But such an approach would be rather unreliable
and SMTP would be slow.)
> then does the find_service populate the kb with items corresponding to
> both the services?
AFAICT, it would detect only one of those services (the "more
obvious" one).
It might be possible to probe every known service on every open port but
such an approach would be 1. very slow, 2. very noisy, 3. very likely to
upset the "Nessus is evil because it killed my mission critical service"
crowd <g>.
--Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."
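
The timing dependence described in the message above, as an added example that is not part of the original post and is not Nessus's find_service code. The local `hybrid_server`, the `identify` probe, the banner text and all timeout values are constructed for illustration.

```python
import socket, threading

def hybrid_server(wait):
    """Constructed test server: answers HTTP if the client speaks within
    `wait` seconds, otherwise falls back to sending an SMTP greeting."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))          # loopback only, ephemeral port
    srv.listen(5)
    def handle(conn):
        with conn:
            conn.settimeout(wait)
            try:
                if conn.recv(1024):      # client spoke first: HTTP mode
                    conn.sendall(b"HTTP/1.0 200 OK\r\n\r\n")
            except socket.timeout:       # silence: server speaks first
                conn.sendall(b"220 mail.example.test ESMTP\r\n")
    def loop():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            threading.Thread(target=handle, args=(conn,), daemon=True).start()
    threading.Thread(target=loop, daemon=True).start()
    return srv.getsockname()[1]

def identify(port, banner_wait, host="127.0.0.1"):
    """Wait `banner_wait` seconds for a banner; only if none arrives,
    send an HTTP request. Returns the single service that was seen."""
    with socket.create_connection((host, port), timeout=5) as s:
        s.settimeout(banner_wait)
        try:
            data = s.recv(1024)
        except socket.timeout:
            s.settimeout(5)
            s.sendall(b"GET / HTTP/1.0\r\n\r\n")
            data = s.recv(1024)
    if data.startswith(b"220"):
        return "smtp"
    if data.startswith(b"HTTP/"):
        return "http"
    return "unknown"

if __name__ == "__main__":
    port = hybrid_server(wait=1.0)
    print(identify(port, banner_wait=0.1))  # probe gives up waiting first
    print(identify(port, banner_wait=3.0))  # server gives up waiting first
```

Each connection reports exactly one service, and which one depends only on whether the probe or the server stops waiting first.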