Nmap Development mailing list archives
Re: some nmap tools
From: Bo Cato <jcato73 () comcast net>
Date: Sun, 7 Dec 2003 09:04:31 -0500
That's very interesting. 80k ethernet based machines to keep tabs on seems like a daunting task. You said you do it from a single host. I don't know what your resources are obviously, but would it not be much more efficient to decentralize this? I would think that even if you only deployed your script / nmap solution to 3 more areas the network congestion on the LAN (routers, switches, firewalls, etc) you are centralized from would be significantly less as well as cutting the scan time down. Of course you'd have to have a means to gather the reports and consolidate but that's trivial. You may have all the bandwidth you need but typically this is not the case. If you have the access to the resources to deploy a total of 4 scanning sites, one would think that 4 x 32 would be quicker and less network intensive to any one path than 1 x 32. The key would be to make sure the scan sites don't overlap hops. I'm curious as to how much additional load/congestion 32 parallelized (that a word?) scans place on your centralized scan point's LAN. If it's of any real significance I image you have scheduled the scan to begin and end during the least impactful 10 hour time frame... 9 PM - 7 AM for example depending on what time is prime time for the LAN the scan is originating from. I'm sure you've discussed this with fyodor already. I only mention it out of curiosity. -b ------------------- Hello MadHat, Saturday, December 6, 2003, 10:16:15 PM, you wrote: M> I have the responsibility of monitoring a large number of IPs for M> security issues. One of the most important things for me was to know M> what was listening where and of course nmap is the only real solution. M> The problem was that my boss wanted me to be able to generate a report M> of how many new ports were opened in the last 24 hours, how many new M> hosts in the past 24 hours, or even how many hosts we have live that M> are Internet facing or web servers, etc... -<snip>- --------------------------------------------------------------------- For help using this (nmap-dev) mailing list, send a blank email to nmap-dev-help () insecure org . List archive: http://seclists.org
Current thread:
- some nmap tools MadHat (Dec 06)
- Re: some nmap tools Bo Cato (Dec 07)
- Re: some nmap tools MadHat (Dec 07)
- RE: some nmap tools Hasnain Atique (Dec 07)
- Re: some nmap tools MadHat (Dec 07)
- RE: some nmap tools Hasnain Atique (Dec 08)
- Re: some nmap tools MadHat (Dec 07)
- Re: some nmap tools Bo Cato (Dec 07)
- <Possible follow-ups>
- Re: some nmap tools testic+testic (Dec 07)
- Re: some nmap tools Akbar Ali (Dec 07)
- Re: some nmap tools Tristan Seligmann (Dec 09)
- Re: some nmap tools MadHat (Dec 09)