Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Nmap Online

From: David Matousek <david () matousec com>
Date: Wed, 29 Nov 2006 19:22:14 +0100
Hello,

1) Thanks for --interactive, will be added. It is not a problem even now, because
such Nmap session would be killed after timeouted. But of course, it is better
to add it.

2) You can not execute shell-commands (erm :) you should not be able to).

3) You can scan local network but the machine firewall will show you nothing.
Maybe also a good idea to add to filter just to save a few ticks of processor time.


Thanks!

-- 
David Matousek

Founder and Chief Representative of Matousec - Transparent security
http://www.matousec.com/


Ron Bowes wrote:

Hans Nilsson wrote:

That might be prudent. I noticed that the --interactive flag doesn't
seem to be blacklisted and you can execute shell-commands from there and
everything. But it might not be an issue.


I'm not sure if you can send commands with --interactive, but you're
right, it seems dangerous.

Another idea -- don't allow people to scan the local network
(192.168.0.0/24).  Just a suggestion :)

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org






_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
Previous By Date Next
Previous By Thread Next

Current thread: