There might be a certain need to clarify the meaning of "scanner" in
general:

We have

1) vulnerability scanners
   a) local
      Checks for known vulnerabilities in local programs and
      misconfiguration such as wrong permissions and ownerships.
      Tripwire might count as such a scanner, in a limited way, as well as
      the seccheck scripts that come with SuSE.
   b) network-based
      Those scanners check the network services on a machine for known
      vulnerabilities, usually by connecting to them and speaking the
      protocol in each case, recognizing the program versions.

2) port scanners
   ... send specially crafted packets to a single host or a larger
   choice of hosts (or even networks) and interpret the response. The
   interpretation can include information with respect to the state of
   the port (filtered, just no process that binds to the port,
   blackholed, open and restricted on layer 5 (application or
   tcp-wrapper)) as well as some characteristics of the host
   architecture and operating system.
   Port scanners may be very fast in scanning large parts of networks;
   nmap may be one of the fastest.
Roman.
--
- -
| Roman Drahtmüller