Lupasafe (Skopos Security Labs B.V.)

Assumption vs. verification

Traditional tools like Nmap often make assumptions based on port numbers. For example:

• Port 21 is automatically labeled as FTP
• Port 25 is automatically labeled as SMTP
• Port 80 is automatically labeled as HTTP

This is a shortcut approach that works in many cases but isn't always accurate. 

Lupasafe takes a more cautious approach by:

• Not assuming services based on port numbers
• Actively probing each open port to verify what service is actually running
• Only identifying services when they can be definitively confirmed

"Unknown" vs. "Filtered" ports

In the Nmap scans, you'll often see entries labeled as "filtered" (like ports 23, 111, 135, etc.). This simply means:

• Nmap received no response when probing these ports
• A firewall or other network device might be blocking the scan
• The actual state of these ports (open or closed) remains unknown

Lupasafe does not display these rather than making assumptions about filtering.

Service fingerprinting

What makes Lupasafe's approach different is our sequential testing methodology:

1. For each open port, we test multiple protocols: http(s), smtp, ftp, etc.
2. Welook for specific response codes:
   • For SMTP: response codes 220 AND 250
   • For FTP: response codes 220 AND 331
3. This helps identify services running on non-standard ports

More thorough version detection

Nmap often returns generic service names without version information. Lupasafe attempts to extract product names and versions wherever possible, providing more valuable information for vulnerability assessments.

Why this matters for security in general & pen-testers specific

Understanding these differences is crucial:

1. Accuracy over quantity: Having a longer list of ports doesn't mean better results if many are just "filtered" with no actionable information
2. Verification is key: Never trust that a standard port number is running its standard service - always verify
3. Conservative reporting: It's better to report "Unknown" than to report potentially incorrect information
4. Service banners matter: The actual response from a service often contains valuable version information that generic port scanners might miss

While Nmap is an excellent and fast reconnaissance tool, enterprise platforms like Lupasafe aim for higher accuracy at the cost of being less definitive when information is unclear.