Nmap Announce mailing list archives
Re: Examples of legit nmap usage?
From: Thomas Reinke <reinke () e-softinc com>
Date: Fri, 17 Sep 1999 23:39:58 -0400
Two comments - you may be facing an "educational" issue rather than a technical one. If no-one sees the value of running nmap, then the pain of the router logs issue would overcome any other unknown savings to the people dealing with the logs. Having said that, I can tell you that I know of at least one corporation that uses nmap to do scans looking for trojans, and only for trojans. This boils down to a network sweep looking for very specific services, against ALL IP addresses (with of course the idea being that finding one instance of BO outweighs the network chatter. Secondly, as operators of a free web based scanning server (aka Desktop Audits at www.e-softinc.com), I can tell you that of the users we having using our service, we regularly find machines that have been infected with one form of trojan or another. If you have a large network that would takes DAYS to scan, I suspect that you would find some interesting results from such a scan. The bottom line is that your organization has to see the value of virus/trojan detection of this form, and they may be to be educated to see the value. If you cannot see the value, even after education, then you may be in trouble. Suggestion: talk to them about a "trial" scan, during which you attempt to find machines that have been compromised by virus. Indicate that if the trial is successful, that you'd be willing to help setup a regular audit of this sort that would ensure your systems were regularly scanned. On the flip side, indicate that if your audit is clean, you would be willing to stop all scans providing no-one saw any benefit. I've found in the past that this type of approach works quite well. Cheers, Thomas "Foust, Adam G." wrote:
nmap has the potential of becoming an extremely useful tool for me in my job (not in the hacker sense, but in the discovery and security sense). I ran it for a while and built up a picture of our intranet WAN (with the help of a custom bit of perl and CGI programming), but now I'm being told knock it off for good based on the high amount of messages that began to accumulate in our router logs. All of our other $$$ commercial network tools have so far provided a rather piecemeal view of things, and I would like to continue to use this excellent nmap tool to augment our picture of things (particularly having an inventory of TCP services). Can anyone help me out with a good "business case" for administratively running nmap in a corporate environment? What would be the impact to routers and hosts of say automating a weekly scan on a rather large network (I won't give specifics, but I will say that if I seed nmap with a list of ping-able IP addresses it requires a couple of days to complete a single sweep)? Is using nmap in this fashion a dumb idea? Any good examples of nmap being used for network discovery in any corporations out there? Any information you can provide would be of great use. Thanks.
-- ------------------------------------------------------------ Thomas Reinke Tel: (416) 460-7021 Director of Technology Fax: (416) 598-2319 E-Soft Inc. http://www.e-softinc.com
Current thread:
- Examples of legit nmap usage? Foust, Adam G. (Sep 17)
- Re: Examples of legit nmap usage? Bennett Todd (Sep 17)
- Re: Examples of legit nmap usage? David Carmean (Sep 17)
- Re: Examples of legit nmap usage? Joel Eriksson (Sep 18)
- Re: Examples of legit nmap usage? Bennett Todd (Sep 20)
- Re: Examples of legit nmap usage? Andreas Kostyrka (Sep 20)
- Re: Examples of legit nmap usage? Bennett Todd (Sep 20)
- Re: Examples of legit nmap usage? Bennett Todd (Sep 17)
- Re: Examples of legit nmap usage? Lamont Granquist (Sep 20)
- Re: Examples of legit nmap usage? Max Vision (Sep 21)
- IP fragment overwriting bug exploitation Lamont Granquist (Sep 21)
- reverse frag scanning patch Lamont Granquist (Sep 22)
- <Possible follow-ups>
- RE: Examples of legit nmap usage? Rob Shein (Sep 17)
- RE: Examples of legit nmap usage? Scott Hardy (Sep 20)
- Re: Examples of legit nmap usage? Foust, Adam G. (Sep 21)