PaulDotCom mailing list archives

NMAP for SCADA


From: Bruce Barnett <grymoire () gmail com>
Date: Tue, 27 Nov 2012 11:56:41 -0500

I'm going to have short-term access to a SCADA test lab, and I want
to run a port map to characterize the services available.

There are about 7 networks (virtual and real), with 6 physical
Ethernet ports. I want to discover all services, on all networks. I
don't need stealth, and I want to avoid scans that might crash older
devices. I also don't want to get half-done and realize that I made
the wrong choices, and have to do it again.

I was thinking of using -sS, but I am concerned some devices might
crash if there are too many half-open connections.
So should I use -sT instead? I think so.
And -r would make the scan more "repeatable" if some device crashes.
So any comments on using these options:

    nmap  -r -v -sT -sU 10.1.1.0/24 10.2.0.0/24 -oX scan1.xml -oG scan1.txt
repeat for the next interface, etc.
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
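Added example, not from the post above or from the nmap project: a small POSIX-shell wrapper that builds a conservative per-network scan command along the lines of the one proposed (connect scan, fixed port order with -r, polite -T2 timing, all three output formats via -oA) and parses the resulting .gnmap file for open ports so each network's results can be checked before moving to the next interface. The .gnmap lines it feeds to the parser are constructed samples, not a real capture, and the field layout (port/state/proto/owner/service/rpc/version/) is nmap's documented greppable format.

```shell
# Build one slow, connect-based TCP+UDP scan command for a single network.
# -sT avoids leaving half-open connections on fragile stacks, -r keeps the
# port order fixed so a rerun after a device crash walks the same sequence,
# -T2 spaces probes out, and -oA writes base.nmap, base.gnmap and base.xml.
build_scan_cmd() {
    net="$1"    # network to scan, e.g. 10.1.1.0/24
    base="$2"   # output basename, e.g. scan1
    printf 'nmap -n -r -v -sT -sU -T2 --max-retries 2 --reason -oA %s %s\n' "$base" "$net"
}

# Constructed sample greppable output (not a real capture) so the parser
# can be exercised without running nmap. Fields are tab separated.
write_sample_gnmap() {
    printf 'Host: 10.1.1.5 (plc1)\tPorts: 502/open/tcp//mbap///, 80/closed/tcp//http///, 161/open/udp//snmp///\tIgnored State: closed (998)\n' > "$1"
    printf 'Host: 10.1.1.9 ()\tPorts: 102/open/tcp//iso-tsap///\tIgnored State: filtered (999)\n' >> "$1"
}

# Print "host port/proto service" for every open port in a .gnmap file.
parse_gnmap() {
    awk -F'\t' '/^Host:/ {
        split($1, h, " "); host = h[2]
        for (i = 2; i <= NF; i++) if ($i ~ /^Ports: /) {
            sub(/^Ports: /, "", $i)
            n = split($i, p, ", ")
            for (j = 1; j <= n; j++) {
                split(p[j], f, "/")   # port/state/proto/owner/service/rpc/version/
                if (f[2] == "open") print host, f[1] "/" f[3], f[5]
            }
        }
    }' "$1"
}

# Stand-alone demo: show the command for one network, then parse the sample.
sample="${TMPDIR:-/tmp}/scada-sample.gnmap"
write_sample_gnmap "$sample"
build_scan_cmd 10.1.1.0/24 scan1
parse_gnmap "$sample"
```

Run the printed command per network in the lab, then point parse_gnmap at the resulting scanN.gnmap to confirm the expected devices answered before continuing; because no host timeout is set, a scan that stalls on a crashed device is visible in the verbose output rather than silently truncated.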