Tuesday, November 17, 2009

NMap

A quick mention for NMap, which is a simple but powerful tool that can be used to scan a host or network. How would a CIO use it?

* What devices on my subnet have port 80 open? There are knowns such as web servers, perhaps print servers and web interfaces to manage any number of appliances. Could something else have that port open? I could do similar scans for anything with telnet enabled, etc.

* Going the other direction, I could scan a single host and check for any open ports on it. Some would be expected, while others might not. Why do these 100 stations have port 3689 open? :)

* If I scan an entire network, a tool like NMap will let me know what responded. This might give me a list of hosts.

* Once I have that list of hosts, NMap will attempt to determine the host operating system. It uses TCP and UDP packets received to create a 'fingerprint' of a suspected OS. Any details like this can help with rogue system detection.

Be careful with a tool like this. If you scan huge IP ranges, it could be noticeable on your network. If you can the wrong device (a firewall or IDS), it might report back in its logged that you scanned it. Nonetheless, it's a good tool for the toolbelt.

No comments: