Re: Examples of legit nmap usage?

[Ben Harris <bjh21 () cam ac uk>]

On Fri, 17 Sep 1999, Foust, Adam G. wrote:

> Can anyone help me out with a good "business case" for administratively
> running nmap in a corporate environment? What would be the impact to routers
> and hosts of say automating a weekly scan on a rather large network (I won't
> give specifics, but I will say that if I seed nmap with a list of ping-able
> IP addresses it requires a couple of days to complete a single sweep)? Is
> using nmap in this fashion a dumb idea?

I'd recommend reducing the set of ports you scan (maybe using -F?).  The
chances are this will enable you to get a good factor of ten speed
increase and thus probably have a less adverse effect on the routers. 
Perhaps nmap could do with an option to limit its scanning rate so it
doesn't flatten your network.  Using -sS also seems to help reduce the
amount of log traffic you generate.

> Any good examples of nmap being used for network discovery in any
> corporations out there?

Not a corporation, but the friendly probing software we've written here
uses it for OS type guessing and probing twenty-odd ports we don't have
better probes for.  Our probes are quite gentle on the network, though,
taking a fortnight (working hours only) to cover 30,000-odd machines.
I've occasionally run nmap in a limited way across our entire IP range,
but that seems to provoke adverse responses.

-- 
Ben Harris
Unix Support, University of Cambridge Computing Service.
E-mail: bjh21 () cam ac uk  Tel: +44 (0)1223 334728  Fax: +44 (0)1223 334679