On Fri, 17 Sep 1999, Foust, Adam G. wrote:
> Can anyone help me out with a good "business case" for administratively
> running nmap in a corporate environment? What would be the impact to routers
> and hosts of say automating a weekly scan on a rather large network (I won't
> give specifics, but I will say that if I seed nmap with a list of ping-able
> IP addresses it requires a couple of days to complete a single sweep)? Is
> using nmap in this fashion a dumb idea?
I'd recommend reducing the set of ports you scan (maybe using -F?). The
chances are this will enable you to get a good factor of ten speed
increase and thus probably have a less adverse effect on the routers.
Perhaps nmap could do with an option to limit its scanning rate so it
doesn't flatten your network. Using -sS also seems to help reduce the
amount of log traffic you generate.
> Any good examples of nmap being used for network discovery in any
> corporations out there?
Not a corporation, but the friendly probing software we've written here
uses it for OS type guessing and probing twenty-odd ports we don't have
better probes for. Our probes are quite gentle on the network, though,
taking a fortnight (working hours only) to cover 30,000-odd machines.
I've occasionally run nmap in a limited way across our entire IP range,
but that seems to provoke adverse responses.
--
Ben Harris
Unix Support, University of Cambridge Computing Service.
E-mail: bjh21_at_cam.ac.uk Tel: +44 (0)1223 334728 Fax: +44 (0)1223 334679
Received on Sep 18 1999
Intro
