Re: Nmap Online

["Hans Nilsson" <hasse_gg () ftml net>]

2. I just ment that through the --interactive mode you can normally
execute shell commands. (But as you said, it's not an issue on your
site.)

On Wed, 29 Nov 2006 19:22:14 +0100, "David Matousek"
<david () matousec com> said:
> Hello,
>
> 1) Thanks for --interactive, will be added. It is not a problem even now,
> because
> such Nmap session would be killed after timeouted. But of course, it is
> better
> to add it.
>
> 2) You can not execute shell-commands (erm :) you should not be able to).
>
> 3) You can scan local network but the machine firewall will show you
> nothing.
> Maybe also a good idea to add to filter just to save a few ticks of
> processor time.
>
>
> Thanks!
>
> -- 
> David Matousek
>
> Founder and Chief Representative of Matousec - Transparent security
> http://www.matousec.com/
>
>
> Ron Bowes wrote:
>  > Hans Nilsson wrote:
>  >> That might be prudent. I noticed that the --interactive flag doesn't
>  >> seem to be blacklisted and you can execute shell-commands from there and
>  >> everything. But it might not be an issue.
>  >
>  > I'm not sure if you can send commands with --interactive, but you're
>  > right, it seems dangerous.
>  >
>  > Another idea -- don't allow people to scan the local network
>  > (192.168.0.0/24).  Just a suggestion :)
>  >
>  > _______________________________________________
>  > Sent through the nmap-dev mailing list
>  > http://cgi.insecure.org/mailman/listinfo/nmap-dev
>  > Archived at http://SecLists.Org
>  >
>  >
-- 
  Hans Nilsson
  hasse_gg () ftml net

-- 
http://www.fastmail.fm - The professional email service


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org