Nmap Announce mailing list archives
Re: Examples of legit nmap usage?
From: David Carmean <dlc () netapp com>
Date: Fri, 17 Sep 1999 22:04:27 -0700
Recently I used a combination of shell scripts and nmap to perform a rough survey of operating systems on a subset of our internal networks. I was careful to scan only networks which were actually reachable from my machine, lest I DoS the firewall by filling the connection-state buffer. I then ran nmap with a set of options chosen to cause as little stress on the target machines as possible, something like (I can't find the exact test right now):

    nmap -v -M1 -PI -sT -p80,138,139 -O $prefix/$mask

Fyodor also has on his list of things to do the addition of an interval option to slow portscans on a single machine (and perhaps between machines on a network scan?). Especially once this appears, you should be able to use nmap for legitimate discovery purposes with perhaps even less impact than other network management packages.

If you're responsible in some way for managing those networks, you should be able to justify the scans as part of your job description... And point the complainers to tools like swatch or awk to clean up their logfiles :o)

On Fri, Sep 17, 1999 at 05:25:11PM -0400, Bennett Todd wrote:

> I've used it often for legitimate, business-related purposes. But I focus it quite tightly. I've never unleashed it over anything bigger than a /25, and even in that case I only let it loose because I _Knew_ there was nothing there that it could crash that I cared about. More often I'm invoking it for OS type detection pointed at a single host.
>
> Big, out-of-control, unmanaged corporate nets (I've spent years around them :-) accumulate cruft, and the cruft they accumulate tends to be fragile, creaky, oddball old boxes that nobody knows how to manage anymore but that small groups of fantastically important users count upon. So unleash your nmap-from-hell and beware: you may tickle an obscure bug in an ancient box hand-built by Seymour Cray himself, the only one of its kind ever made, whose sole user pays the salaries of everyone you ever met in the entire time you worked at the company, with money he makes with an investment strategy hand-coded in assembler for this special machine, by an analytic wizard who has since died.
>
> Perhaps I overstate; it's in my nature, I'll admit. But that's the kind of horror you need to fear when casting nmap far and wide. There are boxes out there that will crash when nmap with the right settings casts its gaze their way, and the users of those boxes are _never_ amused when it happens.
>
> -Bennett
-- 
David Carmean <dlc () netapp com>
PGP fingerprint = B1 57 EB A8 1D B9 87 86 5F 5C 51 A4 F2 5E ED FD
My God, it's full of Cars!
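As an added illustration of the "rough survey of operating systems" the post describes (this is not code from the post, from Bennett Todd, or from the nmap project), the script below reads nmap's XML output and tallies the best OS match per /24, recording "unknown" when no match reaches the chosen accuracy rather than guessing. It assumes the `-oX` XML format of modern nmap (the 1999 version in the post predates it); the sample document is constructed, and `parse_os_survey`, `tally_by_subnet` and `min_accuracy` are names chosen here.

```python
import ipaddress
import xml.etree.ElementTree as ET
from collections import Counter, defaultdict

# Constructed sample shaped like nmap's -oX output (assumption: only the
# host/status/address/os/osmatch elements used below are reproduced).
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap">
  <host><status state="up"/><address addr="10.1.0.5" addrtype="ipv4"/>
    <os><osmatch name="Linux 2.6.X" accuracy="97"/></os></host>
  <host><status state="up"/><address addr="10.1.0.9" addrtype="ipv4"/>
    <os><osmatch name="Microsoft Windows NT 4.0" accuracy="92"/>
        <osmatch name="Microsoft Windows 2000" accuracy="85"/></os></host>
  <host><status state="down"/><address addr="10.1.0.10" addrtype="ipv4"/></host>
  <host><status state="up"/><address addr="10.2.0.3" addrtype="ipv4"/><os/></host>
</nmaprun>
"""


def parse_os_survey(xml_text, min_accuracy=90):
    """Map each host that was up to its best OS match, or 'unknown'.

    Matches below min_accuracy count as unknown so the inventory does not
    overstate what the scan actually established; down hosts are skipped.
    """
    survey = {}
    for host in ET.fromstring(xml_text).iter("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:
            continue
        best_name, best_acc = "unknown", min_accuracy - 1
        for match in host.iter("osmatch"):
            acc = int(match.get("accuracy", "0"))
            if acc > best_acc:  # keep the highest-accuracy match at/above threshold
                best_name, best_acc = match.get("name", "unknown"), acc
        survey[addr.get("addr")] = best_name
    return survey


def tally_by_subnet(survey, prefixlen=24):
    """Group per-host results into {subnet: Counter(os_name -> hosts)}."""
    tally = defaultdict(Counter)
    for ip, os_name in survey.items():
        net = ipaddress.ip_network(f"{ip}/{prefixlen}", strict=False)
        tally[str(net)][os_name] += 1
    return dict(tally)
```

Run it against a real file with `tally_by_subnet(parse_os_survey(open("scan.xml").read()))`; raising `min_accuracy` shrinks the set of hosts the survey commits to an OS for.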