Re: [?? Probable Spam] Automated Nmap Scans / Front End

[sami ghourabi <sami.ghourabi () icn com tn>]

Dear Tom Jones,
about host discovery, I personnaly use nmap with its different options:
-sP -PA works well if traffic to hosts doesnt go through a stateful filter
-sP -PS  succeed if target ports are open
-sP -PU in case of UDP is allowed
-sP -PE for ping scan
there are other options that I don't use as I don't see what their 
benefit is (?)
About thee time your scan takes, you can control nmap timaing if you are 
sure that your network link and those of the scanned hosts are reliable.
--max-rtt-timeout sets the max time to wait before giving up the probe
--max-retries don't let him do more than 2 tries for each probe if you 
kow there is a filtering gateway
--min-host-group set the number of host to scan simultaneously

Another point now, about unicorn scanner.
I used it recently but I remarked that results are often inaccurate. Any 
thoughts about this tool ?

Sami.

tom jones a écrit :
> Hello,
> I am responsible for monitoring hundreds of machines
> over thousands of
> external IP addresses.  I currently run nmap manually
> once a week and import
> the results into Excel to compare them with the
> previous week to find hosts
> that are new and also take note of those that have
> been taken off the
> Internet.  I am looking for a web front end, batch
> process, or similar that
> would meet the following requirements.
>
> -Input file of external IP ranges I am responsible for
> -Have the tool scan all ranges to determine responding
> IPs
> -Compare results to previous week and note exceptions
> -Scheduling capability to have this take place weekly
>
> >From a quick search, I found these two tools that I
> might try out if I have
> time.  I have not heard of them before and have not
> had a chance to read up
> on their capabilities:
>
> http://sourceforge.net/projects/gwmos/
> http://sourceforge.net/projects/cancerbero/
>
> I am also interested to hear thoughts on the best way
> to do host discovery.
> Many of our firewalls will block ICMP requests which
> is fast and not
> complete.  Scanning for every TCP and UDP port can
> take days.  I'm looking
> for a good middle ground that would be fairly complete
> but not take an
> excessive amount of time.  I currently scan for about
> 15 common TCP ports
> which takes about half of a day.
>
> I have the ability to run these on either a Windows XP
> machine or a web
> server (php, etc.).  
>
> Thanks in advance.
>
>
>
>
>
>
>  
> ____________________________________________________________________________________
> Don't pick lemons.
> See all the new 2007 cars at Yahoo! Autos.
> http://autos.yahoo.com/new_cars.html 
>
> ------------------------------------------------------------------------
> This List Sponsored by: Cenzic
>
> Need to secure your web apps?
> Cenzic Hailstorm finds vulnerabilities fast.
> Click the link to buy it, try it or download Hailstorm for FREE.
>
> http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
> ------------------------------------------------------------------------
>
>
>   


------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------