Nmap Hackers: Re: Examples of legit nmap usage?

Re: Examples of legit nmap usage?

From: David Carmean <dlc_at_netapp.com>
Date: Fri, 17 Sep 1999 22:04:27 -0700

Recently I used a combination of shell scripts and nmap to perform a
rough survey of operating systems on a subset of our internal networks.

I was careful to scan only networks which were actually reachable from
my machine, lest I DoS the firewall by filling the connection-state buffer.
I then ran nmap with a set of options chosen to cause as little stress on
the target machines as possible, something like (I can't find the exact
test right now): "nmap -v -M1 -PI -sT -p80,138,139 -O $prefix/$mask".

Fyodor also has on his list of things to do the addition of an interval
option to slow portscans on a single machine (and perhaps between machines
on a network scan?).

Especially once this appears, you should be able to use nmap for legitimate
discovery purposes with perhaps even less impact than other network
management packages. If you're responsible in some way for managing
those networks, you should be able to justify the scans as part of
your job description.... And point the complainers to tools like
swatch or awk to clean up their logfiles :o)

On Fri, Sep 17, 1999 at 05:25:11PM -0400, Bennett Todd wrote:
> I've used it often for legitimate, business-related purposes. But I focus it
> quite tightly. I've never unleashed it over anything bigger than a /25, and
> even in that case I only let it loose because I _Knew_ there was nothing there
> that it could crash that I cared about. More often I'm invoking it for OS type
> detection pointed at a single host.
>
> Big, out-of-control, unmanaged corporate nets (I've spent years around
> them:-) accumulate cruft, and the cruft they accumulate tends to be fragile,
> creaky, oddball old boxes that nobody knows how to manage anymore but that
> small groups of fantastically important users count upon. So unleash your
> nmap-from-hell and beware, you may tickle an obscure bug in an ancient box
> hand-built by Seymour Cray himself, the only one of its kind ever made, whose
> sole user pays the salaries of everyone you ever met in the entire time you
> worked at the company, with money he makes with an investment strategy
> hand-coded in assembler for this special machine, by an analytic wizard who
> has since died.
>
> Perhaps I overstate, it's in my nature I'll admit. But that's the kind of
> horror you need to fear when casting nmap far and wide. There are boxes out
> there that will crash when nmap with the right settings casts its gaze their
> way, and the users of those boxes are _never_ amused when it happens.
>
> -Bennett

-- 
--                                                         _    .    _    .    _
David Carmean                                           <dlc_at_netapp.com>
  PGP fingerprint =  B1 57 EB A8 1D B9 87 86  5F 5C 51 A4 F2 5E ED FD
	My God, it's full of Cars!
Received on Sep 17 1999
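The survey the mail above sketches (one conservative nmap run per reachable network, results collected, OS guesses tallied, and an awk filter for people who want the scanner's traffic out of their logs) as a worked example. This is added example code, not David Carmean's scripts or anything from the Nmap project. It assumes a `networks.txt` listing "prefix mask" pairs, an `$OUTDIR` for saved output, and nmap's normal (human-readable) output format; it recognises both the nmap 2.x "Remote operating system guess:" line and the modern "OS details:" line. The sample output embedded in `sample_output` is constructed, and which networks count as reachable is left to whoever writes the list, since the post does not say how that was checked.

```shell
#!/bin/sh
# Added example, not code from the original mail or from the Nmap project.
# Wraps the survey described in the post: one conservative nmap run per
# network, output saved per network, OS-guess lines tallied into a count
# per operating system, plus the kind of awk filter the post suggests for
# log owners who want the scanner's connections dropped.
#
# Assumptions (mine, not the post's): networks listed one per line as
# "prefix mask" in $NETWORKS_FILE; output saved under $OUTDIR; nmap normal
# output parsed, with both the 2.x "Remote operating system guess:" line and
# the modern "OS details:" line handled. Reachability is decided by hand
# when the list is written.

NETWORKS_FILE=${NETWORKS_FILE:-networks.txt}
OUTDIR=${OUTDIR:-./survey-out}

# build_scan_cmd PREFIX MASK: the exact command line quoted in the post.
# In nmap 2.x syntax -M1 limits the connect() scan to one parallel socket
# and -PI pings with ICMP echo; -sT connects only to the listed ports and
# -O asks for an OS guess.
build_scan_cmd() {
    printf 'nmap -v -M1 -PI -sT -p80,138,139 -O %s/%s\n' "$1" "$2"
}

# run_survey yes|no: print (dry run) or run the command for each network,
# saving each run's output as OUTDIR/prefix-mask.txt.
run_survey() {
    dry_run=$1
    mkdir -p "$OUTDIR"
    while read -r prefix mask; do
        case $prefix in ''|\#*) continue ;; esac   # skip blanks and comments
        cmd=$(build_scan_cmd "$prefix" "$mask")
        if [ "$dry_run" = yes ]; then
            echo "$cmd"
        else
            sh -c "$cmd" > "$OUTDIR/$prefix-$mask.txt" 2>&1
        fi
    done < "$NETWORKS_FILE"
}

# tally_os_guesses [FILE...]: read nmap normal output (files or stdin) and
# print "count<TAB>guess", most common guess first.
tally_os_guesses() {
    awk '
        /^(Remote operating system guess|OS details): / {
            sub(/^(Remote operating system guess|OS details): /, "")
            count[$0]++
        }
        END { for (os in count) printf "%d\t%s\n", count[os], os }
    ' "$@" | sort -rn
}

# drop_scanner_lines SCANNER_IP [FILE...]: pass through every log line that
# does not mention the announced scanning host.
drop_scanner_lines() {
    ip=$1; shift
    awk -v ip="$ip" 'index($0, ip) == 0' "$@"
}

# Constructed sample imitating nmap normal output for three surveyed hosts.
sample_output() {
    cat <<'EOF'
Interesting ports on  (10.0.0.1):
Port    State       Protocol  Service
80      open        tcp       http
Remote operating system guess: Linux 2.0.35-36

Interesting ports on  (10.0.0.2):
Remote operating system guess: Linux 2.0.35-36

Interesting ports on  (10.0.0.3):
OS details: Windows NT4 / Win95 / Win98
EOF
}

# usage: sh survey.sh --dry-run   (print the commands the list would produce)
#        sh survey.sh --run       (run them, saving output under $OUTDIR)
#        sh survey.sh --demo      (tally the constructed sample above)
case ${1-} in
    --dry-run) run_survey yes ;;
    --run)     run_survey no ;;
    --demo)    sample_output | tally_os_guesses ;;
esac
```

Running with `--dry-run` first shows exactly which commands the network list would produce, which is the cheap way to confirm the list holds only networks you intend to touch before anything is sent; `--demo` tallies the constructed sample and prints the two Linux hosts ahead of the single Windows one.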