Re: Examples of legit nmap usage?

[Bennett Todd <bet () mordor net>]

I've used it often for legitimate, business-related purposes. But I focus it
quite tightly. I've never unleashed it over anything bigger than a /25, and
even in that case I only let it loose because I _Knew_ there was nothing there
that it could crash that I cared about. More often I'm invoking it for OS type
detection pointed at a single host.

Big, out-of-control, unmanaged corporate nets (I've spent years around
them:-) accumulate cruft, and the cruft they accumulate tends to be fragile,
creaky, oddball old boxes that nobody knows how to manage anymore but that
small groups of fantastically important users count upon. So unleash your
nmap-from-hell and beware, you may tickle an obscure bug in an ancient box
hand-built by Seymour Cray himself, the only one of its kind ever made, whose
sole user pays the salaries of everyone you ever met in the entire time you
worked at the company, with money he makes with an investment strategy
hand-coded in assembler for this special machine, by an analytic wizard who
has since died.

Perhaps I overstate, it's in my nature I'll admit. But that's the kind of
horror you need to fear when casting nmap far and wide. There are boxes out
there that will crash when nmap with the right settings casts its gaze their
way, and the users of those boxes are _never_ amused when it happens.

-Bennett