Nmap Hackers
mailing list archives
Re: Examples of legit nmap usage?
From: David Carmean <dlc () netapp com>
Date: Fri, 17 Sep 1999 22:04:27 -0700
Recently I used a combination of shell scripts and nmap to perform a
rough survey of operating systems on a subset of our internal networks.
I was careful to scan only networks which were actually reachable from
my machine, lest I DoS the firewall by filling the connection-state buffer.
I then ran nmap with a set of options chosen to cause as little stress on
the target machines as possible, something like (I can't find the exact
test right now): "nmap -v -M1 -PI -sT -p80,138,139 -O $prefix/$mask".
Fyodor also has on his list of things to do the addition of an interval
option to slow portscans on a single machine (and perhaps between machines
on a network scan?).
Especially once this appears, you should be able to use nmap for legitimate
discovery purposes with perhaps even less impact than other network
management packages. If you're responsible in some way for managing
those networks, you should be able to justify the scans as part of
your job description.... And point the complainers to tools like
swatch or awk to clean up their logfiles :o)
On Fri, Sep 17, 1999 at 05:25:11PM -0400, Bennett Todd wrote:
I've used it often for legitimate, business-related purposes. But I focus it
quite tightly. I've never unleashed it over anything bigger than a /25, and
even in that case I only let it loose because I _Knew_ there was nothing there
that it could crash that I cared about. More often I'm invoking it for OS type
detection pointed at a single host.
Big, out-of-control, unmanaged corporate nets (I've spent years around
them:-) accumulate cruft, and the cruft they accumulate tends to be fragile,
creaky, oddball old boxes that nobody knows how to manage anymore but that
small groups of fantastically important users count upon. So unleash your
nmap-from-hell and beware, you may tickle an obscure bug in an ancient box
hand-built by Seymour Cray himself, the only one of its kind ever made, whose
sole user pays the salaries of everyone you ever met in the entire time you
worked at the company, with money he makes with an investment strategy
hand-coded in assembler for this special machine, by an analytic wizard who
has since died.
Perhaps I overstate, it's in my nature I'll admit. But that's the kind of
horror you need to fear when casting nmap far and wide. There are boxes out
there that will crash when nmap with the right settings casts its gaze their
way, and the users of those boxes are _never_ amused when it happens.
-Bennett
--
-- _ . _ . _
David Carmean <dlc () netapp com>
PGP fingerprint = B1 57 EB A8 1D B9 87 86 5F 5C 51 A4 F2 5E ED FD
My God, it's full of Cars!