Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: some nmap tools
From: Bo Cato <jcato73 () comcast net>
Date: Sun, 7 Dec 2003 09:04:31 -0500

That's very interesting. 80k ethernet based machines to keep tabs on
seems like a daunting task.

You said you do it from a single host. I don't know what your
resources are obviously, but would it not be much more efficient to
decentralize this? I would think that even if you only deployed your
script / nmap solution to 3 more areas the network congestion on the
LAN (routers, switches, firewalls, etc) you are centralized from would
be significantly less as well as cutting the scan time down. Of course
you'd have to have a means to gather the reports and consolidate but
that's trivial. You may have all the bandwidth you need but typically
this is not the case. If you have the access to the resources to
deploy a total of 4 scanning sites, one would think that 4 x 32 would
be quicker and less network intensive to any one path than 1 x 32. The
key would be to make sure the scan sites don't overlap hops.

I'm curious as to how much additional load/congestion 32 parallelized
(that a word?) scans place on your centralized scan point's LAN. If
it's of any real significance I image you have scheduled the scan to
begin and end during the least impactful 10 hour time frame... 9 PM -
7 AM for example depending on what time is prime time for the LAN the
scan is originating from.

I'm sure you've discussed this with fyodor already. I only mention it
out of curiosity.

-b

-------------------

Hello MadHat,

Saturday, December 6, 2003, 10:16:15 PM, you wrote:

M> I have the responsibility of monitoring a large number of IPs for 
M> security issues.  One of the most important things for me was to know
M> what was listening where and of course nmap is the only real solution.
M>   The problem was that my boss wanted me to be able to generate a report
M> of how many new ports were opened in the last 24 hours, how many new
M> hosts in the past 24 hours, or even how many hosts we have live that
M> are Internet facing or web servers, etc...

-<snip>-





---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to 
nmap-dev-help () insecure org . List archive: http://seclists.org



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]