minvws / nl-kat-coordination

European Union Public License 1.2

Database port 3050 not scanned by nmap top 250 #1434

Open dekkers opened 1 year ago

dekkers commented 1 year ago

We list port 3050 in the default database TCP ports, but the nmap top 250 doesn't include that port. Port 3050 tcp is listed in place 16557 in the nmap services file.

The nmap top ports are also based on data from 2008 or earlier (it was committed to the nmap repository in 2008). Maybe we should define our own list of top ports that are important to scan.

underdarknl commented 3 weeks ago

Are we sure this top-ports list is not just the file listed here?

https://github.com/nmap/nmap/blob/master/nmap-services

That would mean it still is maintained (and that we can offer a custom one). The 3050 port is still listed way beyond the top 250 though. Another option is to just point users at the shortcomings of only scanning the top X ports and what that means, possibly also linking to the used nmap-services list for their understanding.

dekkers commented 3 days ago

> Are we sure this top-ports list is not just the file listed here?
>
> https://github.com/nmap/nmap/blob/master/nmap-services
>
> That would mean it still is maintained (and that we can offer a custom one). The 3050 port is still listed way beyond the top 250 though. Another option is to just point users at the shortcomings of only scanning the top X ports and what that means, possibly also linking to the used nmap-services list for their understanding.

That the file is in git and that there are some small edits does not mean that the frequencies of which ports are most often open are maintained. If you do git blame you can see that most of them haven't been changed since the file was first committed in 2008 and are likely older than that. You can also see that if you look at the frequencies: telnet is found open more often than ssh. As far as I know that hasn't been the case for a very long time...

This is not something high priority, but I do think OpenKAT should have a good default list of ports to scan which includes the high risk ports of today such as the default ports of docker and kubernetes API server instead of the high risk ports of 20 years ago.
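The two points raised in this thread, that port 3050/tcp ranks far outside the nmap top 250 and that a `--top-ports N` scan silently skips anything below that cut-off, can be checked by reading the nmap-services file directly. The following is an added example, not OpenKAT or nmap code: it parses the real nmap-services line format (`service-name port/proto open-frequency # comment`), ranks ports by open-frequency the way nmap's `--top-ports` does, and reports which ports from a must-scan list such a scan would leave out. The sample lines embedded below are constructed and their frequencies are invented; point `parse_nmap_services` at a real copy of the file to get actual ranks.

```python
"""Rank ports from an nmap-services style file the way nmap's --top-ports does.

Added example, not OpenKAT or nmap code. The line format is the real
nmap-services one (service-name port/proto open-frequency # comment);
the sample below is constructed and its frequencies are made up.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class ServiceEntry:
    name: str
    port: int
    proto: str
    frequency: float


# Constructed sample in nmap-services format (frequencies are invented).
SAMPLE_NMAP_SERVICES = """\
# Fields: service-name port/proto open-frequency optional-comments
http	80/tcp	0.484143	# World Wide Web HTTP
telnet	23/tcp	0.221265
ssh	22/tcp	0.182286	# Secure Shell Login
ftp	21/tcp	0.197667	# File Transfer [Control]
domain	53/udp	0.213496
smtp	25/tcp	0.131314	# Simple Mail Transfer
gds_db	3050/tcp	0.000050	# InterBase/Firebird (constructed frequency)
docker	2375/tcp	0.000025	# constructed entry
"""


def parse_nmap_services(text: str) -> list[ServiceEntry]:
    """Parse nmap-services text; comment lines and malformed lines are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) < 3:
            continue  # malformed line: skip rather than crash
        name, portproto, freq = fields[0], fields[1], fields[2]
        port_str, _, proto = portproto.partition("/")
        if not port_str.isdigit() or proto not in {"tcp", "udp", "sctp"}:
            continue
        entries.append(ServiceEntry(name, int(port_str), proto, float(freq)))
    return entries


def _ranked(entries, proto):
    # Stable sort: ties keep file order, matching how nmap breaks them.
    return sorted((e for e in entries if e.proto == proto),
                  key=lambda e: e.frequency, reverse=True)


def top_ports(entries, n, proto="tcp"):
    """The n ports of `proto` with the highest open-frequency (nmap --top-ports n)."""
    return [e.port for e in _ranked(entries, proto)[:n]]


def rank_of(entries, port, proto="tcp"):
    """1-based position of port/proto in the frequency ranking, or None if absent."""
    for i, e in enumerate(_ranked(entries, proto), start=1):
        if e.port == port:
            return i
    return None


def missing_from_top(entries, must_scan, n, proto="tcp"):
    """Ports in must_scan that a --top-ports n scan would skip entirely."""
    covered = set(top_ports(entries, n, proto))
    return sorted(p for p in must_scan if p not in covered)


if __name__ == "__main__":
    entries = parse_nmap_services(SAMPLE_NMAP_SERVICES)
    print("top 5 tcp:", top_ports(entries, 5))
    print("rank of 3050/tcp:", rank_of(entries, 3050))
    print("required ports a top-5 scan skips:", missing_from_top(entries, {3050, 2375, 22}, 5))
```

Running `missing_from_top` with a project-maintained list of high-risk ports against the real file is a quick way to see how many of them fall outside any chosen `--top-ports` cut-off, which is the gap the thread describes.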