Open Source Security Tools: Practical Guide to Security Applications, part 14. Few frontline system administrators can afford to spend all day worrying about security. But in this age of widespread virus infections, worms, and digital attacks, no one can afford to neglect network defenses. Written with the harried IT manager in mind, Open Source Security Tools is a practical, hands-on introduction to open source security tools.

Uses for Port Scanners

Options and descriptions

Option: Get Identd Info (-I)
Description: The Identd service runs on some machines and provides additional information on that host when queried. It can provide data beyond what the port scan provides, such as operating system type. However, it usually only runs on UNIX systems. Nmap will also automatically do an OS identification using TCP fingerprints, so this feature is less useful than it used to be. If you don't have UNIX systems on your network, it is not worth running with this option.

Option: Resolve All (-R)
Description: This option tries to resolve every address in the range, even when they are not answering. This can be useful, for example, in an ISP network where a whole range of host entries may be assigned to potential IP addresses for a dial-up pool but only a certain number may be used at a given time.

Option: OS Identification (-O)
Description: This option is set by default. As mentioned earlier, every TCP stack is slightly different. By comparing the exact fingerprint of the replies to a database of known TCP fingerprints, Nmap can usually identify the OS it is talking to with a fair amount of accuracy. It can even narrow it down to version ranges. Occasionally something will come up that it doesn't know, and then it prints out the TCP response at the bottom of the report. If you get one of these unidentified TCP signatures, you can help build the OS fingerprint database. If you know for sure what the system is, cut and paste the signature into an e-mail to the Nmap development group. They will add it to the database so that when someone else scans that type of machine, it will be properly identified. You can find all the TCP fingerprints Nmap knows in the file nmap-os-fingerprints in the Data directory of the Nmap installation.

Option: Send on Device (-e interface_name)
Description: This forces the scan packets to go out a specific interface. This is really needed only on a machine with multiple network cards or if Nmap
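To make the fingerprint comparison described under OS Identification concrete, here is an added Python example (not code from the book or from Nmap) that parses entries in the layout assumed for nmap-os-fingerprints and reports which entries accept a signature pasted from the bottom of a scan report. The sample entries, the function names, and the simplified matching rules ('|' for alternatives, '&' for joined conditions, '<' and '>' for hex comparisons, every attribute must match) are assumptions; Nmap's own matcher may differ.

```python
import re
# Constructed entries (not from Nmap's database) in the assumed nmap-os-fingerprints layout.
SAMPLE_DB = """\
Fingerprint Example UNIX 1.0
Class ExampleVendor | ExampleOS | 1.X | general purpose
TSeq(Class=RI%gcd=<6)
T1(DF=Y%W=16A0|7FFF%ACK=S++%Flags=AS%Ops=MNNTNW)
T2(Resp=N)

Fingerprint Example Router 2.x
Class ExampleVendor | embedded | 2.X | router
T1(DF=N%W=1000%ACK=S++%Flags=AS%Ops=M)
"""
TEST_LINE = re.compile(r"^(\w+)\((.*)\)$")

def parse_tests(lines):
    """Turn lines like T1(DF=Y%W=16A0) into {'T1': {'DF': 'Y', 'W': '16A0'}}."""
    tests = {}
    for m in filter(None, (TEST_LINE.match(l.strip()) for l in lines)):
        tests[m.group(1)] = dict(kv.split("=", 1) for kv in m.group(2).split("%") if "=" in kv)
    return tests

def parse_db(text):
    """Return one dict per Fingerprint entry: name, classes, tests."""
    entries = []
    for block in re.split(r"\n\s*\n", text):
        lines = [l for l in block.splitlines() if l.strip() and not l.startswith("#")]
        names = [l.split(" ", 1)[1].strip() for l in lines if l.startswith("Fingerprint ")]
        classes = [[f.strip() for f in l[6:].split("|")] for l in lines if l.startswith("Class ")]
        if names:
            entries.append({"name": names[0], "classes": classes, "tests": parse_tests(lines)})
    return entries

def accepts(expr, val):
    """'|' separates alternatives, '&' joins conditions, '<N'/'>N' compare hex numbers."""
    def cond(c):
        if c[:1] in ("<", ">"):
            try:
                seen, ref = int(val, 16), int(c[1:], 16)
            except ValueError:
                return False
            return seen < ref if c[0] == "<" else seen > ref
        return c == val
    return any(all(cond(c) for c in alt.split("&")) for alt in expr.split("|"))

def known_matches(entries, observed):
    """Names of entries whose every test attribute accepts the observed value."""
    return [e["name"] for e in entries if all(accepts(x, observed.get(t, {}).get(a, ""))
            for t, attrs in e["tests"].items() for a, x in attrs.items())]
```

An empty result from known_matches corresponds to the case the text describes, where the signature is unidentified and is a candidate for submission to the Nmap development group.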