[Full-disclosure] Solaris telnet vulnberability - how many on yournetwork?

[Marcin Antkiewicz]

On Sat, 17 Feb 2007, endrazine wrote:

> Hi,
>
> you dont want to ask nmap to determine the OS based on port 23 scan only.
> so, s/p23// in the second nmap call.

That would run through nmap's list of default ports (2000). OS guess 
needs one closed, and one open port to be effective.

I will supply port 23 which will be open if the OS is reported and, by 
default, nmap will provide a closed one by probing a few (3?) random high 
ports.

-sV tests only what was supplied to it, because it starts a version scan

--
Marcin Antkiewicz