Nmap Announce mailing list archives

Re: Scanning subnets w/CIDR


From: Fyodor <fyodor () dhp com>
Date: Tue, 14 Mar 2000 23:38:09 -0500 (EST)

On Tue, 7 Mar 2000, Mark E. Drummond wrote:

> I have a class B net, chopped up into variously sized subnets. Can the "/##"
> in an address spec be any sized mask? /22 ? /20 ?

Yeah.  Just try it out! Nmap will not explode.  Experimentation won't
cause any trouble.  Unless Nmap goes berserk and starts launching massive
scans against sensitive military networks.  Or you could scan the wrong
net and end up crashing some company's mission critical
firewall/router/DNS/etc.  Maybe it is a good idea to be careful.

> Also, I noticed that nmap will scan the net address and broadcast address
> themselves. Should it not be coded to not scan these? Or perhaps a more
> flexible language for specifying address such as "x.x.x.x/xx EXCEPT x.x.x.x
> ..." ?

Older versions had an -A option, but it is gone now.  Few people used it
and free option letters are running low.  You can often exclude the
net/bcast with ranges like "nmap '192.168.*.1-254'".

By the way, I realize it has been a while since a new version of Nmap was
released.  Expect one soon.  I spent the last two weekends auditing code
... the IRS Tax Code :(.  I regret that I cannot publicly release any of
the exploits found.  Not even the vulnerability in the Section 137
Accelerated Depreciation Deduction.  The vendor has not been informed :).  
Warning:  the "Liquidating REIT" vulnerability has apparently been
patched.

Cheers,
Fyodor


--
Fyodor                            'finger pgp () pgp insecure org | pgp -fka'
Frustrated by firewalls?          Try nmap: http://www.insecure.org/nmap/
"The percentage of users running Windows NT Workstation 4.0 whose PCs
 stopped working more than once a month was less than half that of Windows 
 95 users."-- microsoft.com/ntworkstation/overview/Reliability/Highest.asp
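
An added example, not part of Fyodor's message or of Nmap's own code: Python that compares the exact usable-host list of a CIDR block with what a last-octet 1-254 range keeps, showing why the range trick excludes the net/broadcast addresses "often" rather than always. The blocks (192.168.4.0/22, 192.168.1.64/26), the authorized range and all function names are constructed for illustration.

```python
import ipaddress

def usable_hosts(cidr):
    """Every address in the block except its own network and broadcast address.
    strict=True rejects a spec with host bits set, which catches a mistyped base."""
    net = ipaddress.ip_network(cidr, strict=True)
    return list(net.hosts())

def octet_range_hosts(cidr):
    """Addresses in the block that a '.1-254' last-octet range would keep."""
    net = ipaddress.ip_network(cidr, strict=True)
    return [a for a in net if 1 <= (int(a) & 0xFF) <= 254]

def compare(cidr):
    """Where the last-octet range and the exact host list disagree."""
    exact = set(usable_hosts(cidr))
    pattern = set(octet_range_hosts(cidr))
    return {
        # real hosts of the block that the range silently drops
        "skipped_valid_hosts": sorted(exact - pattern),
        # network/broadcast addresses the range still lets through
        "net_bcast_still_scanned": sorted(pattern - exact),
    }

def in_scope(cidr, authorized):
    """True only if the block lies wholly inside one authorized network."""
    net = ipaddress.ip_network(cidr, strict=True)
    return any(net.subnet_of(ipaddress.ip_network(a)) for a in authorized)

if __name__ == "__main__":
    authorized = ["192.168.0.0/16"]  # constructed scope list
    for block in ("192.168.4.0/22", "192.168.1.64/26"):  # constructed blocks
        if not in_scope(block, authorized):
            raise SystemExit(f"{block} is outside the authorized ranges")
        diff = compare(block)
        print(block, "usable hosts:", len(usable_hosts(block)))
        print("  dropped by .1-254:", [str(a) for a in diff["skipped_valid_hosts"]])
        print("  net/bcast kept by .1-254:",
              [str(a) for a in diff["net_bcast_still_scanned"]])
```

The list returned by usable_hosts() can be written one address per line to a file and passed to nmap with -iL.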


