Nmap Announce mailing list archives

Re: distributed nmap?


From: Jose Nazario <jose () biocserver BIOC CWRU Edu>
Date: Tue, 21 Mar 2000 10:56:29 -0500 (EST)

On Mon, 20 Mar 2000, Lorell Hathcock wrote:

> Would nmap run across the "PVM'ed" network of machines transparently?

why not? 

> How would one control which host in the PVM network would actually perform
> which scan?

you would start the daemon (ie pnmapd for parallel-nmap-daemon) on one
machine and it would use PVM or some other parallel system to contact the
other hosts and ensure all members were present. then it would assign
tasks (ie which ports to scan), wait, collect data and make a final
report (similar to the nmap report we have now).

this does introduce a very interesting premise, though -- namely if the
different machines have different permissions on the target. i run very
liberal firewall rules, i'm always adding hosts. as such, it is
conceivable that one set of scans would be from a permitted host while
another would be from a not permitted host. differentiating between them
in the results would be difficult if the firewall was silent (ie forged
RSTs for TCP SYNs). 

> If granular control could be achieved, could one specify that
> PVM Client #1 would scan Host X on port N and that PVM Client #2 would scan
> Host X on port M?

as you noted in your memo, yes, they would have to be randomized, so
you could have granular control. couple random with some tweaking (ie i
know this machine is within a trusted realm, so i'll ask it to do these
special ports) and you got yourself a nice automated information gathering
tool.

jose nazario                                    jose () biochemistry cwru edu
PGP fingerprint: 89 B0 81 DA 5B FD 7E 00  99 C3 B2 CD 48 A0 07 80
Public key available at http://biocserver.cwru.edu/~jose/pgp-key.asc
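The coordinator sketched in the reply above (assign ports to PVM members, wait, collect, report) and the caveat about members with different firewall permissions can be shown as a small worked example. This is an added illustration, not code from the thread or from nmap: the worker names, the "trusted"/"untrusted" labels and the scan results are all constructed here, and nothing is actually scanned. Beyond what the post describes, it lets each port be handed to more than one worker so that a silent firewall (forged RSTs for one source but not another) shows up as a disagreement in the merged report instead of being lost.

```python
import random
from collections import defaultdict

# Constructed worker inventory (hypothetical names): worker -> whether the
# coordinator believes that host is inside the target's permitted set.
WORKERS = {"pvm1": "trusted", "pvm2": "untrusted", "pvm3": "untrusted"}


def assign_ports(ports, workers, redundancy=1, seed=0):
    """Spread ports over workers at random.  Each port goes to `redundancy`
    distinct workers so their verdicts can be cross-checked at merge time."""
    rng = random.Random(seed)
    names = list(workers)
    if not 1 <= redundancy <= len(names):
        raise ValueError("redundancy must be between 1 and the number of workers")
    assignment = {w: [] for w in names}
    for port in ports:
        for w in rng.sample(names, redundancy):
            assignment[w].append(port)
    return assignment


def merge_results(results, workers):
    """results: {worker: {port: state}}.  Returns {port: summary}; a summary
    keeps every worker's verdict with that worker's trust label, and marks
    the port 'conflict' when workers disagree (the symptom of a firewall
    that answers some sources and silently drops or RSTs others)."""
    by_port = defaultdict(dict)
    for worker, port_states in results.items():
        for port, state in port_states.items():
            by_port[port][worker] = state
    report = {}
    for port in sorted(by_port):
        verdicts = by_port[port]
        distinct = set(verdicts.values())
        report[port] = {
            "state": distinct.pop() if len(distinct) == 1 else "conflict",
            "verdicts": {w: (s, workers[w]) for w, s in verdicts.items()},
        }
    return report


def ports_to_recheck(report):
    """Ports whose verdict is unreliable: workers disagreed, or every verdict
    came from a worker the coordinator does not consider permitted."""
    return [
        port for port, summary in report.items()
        if summary["state"] == "conflict"
        or all(label == "untrusted" for _, label in summary["verdicts"].values())
    ]


if __name__ == "__main__":
    plan = assign_ports([22, 25, 80, 443], WORKERS, redundancy=2)
    print("assignment:", plan)
    # Constructed results standing in for what the workers would send back.
    results = {
        "pvm1": {22: "open", 80: "open"},
        "pvm2": {22: "closed", 443: "closed"},
        "pvm3": {80: "open", 443: "closed", 25: "closed"},
    }
    report = merge_results(results, WORKERS)
    for port, summary in report.items():
        print(port, summary)
    print("recheck:", ports_to_recheck(report))
```

Port 22 ends up as "conflict" because the trusted worker saw it open while an untrusted one saw it closed, exactly the ambiguity the reply worries about; ports seen only by untrusted workers are listed for re-scanning from a permitted host rather than reported as fact.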
