Page 1 of 2 12 LastLast
Results 1 to 10 of 18

Thread: Using Nmap

Hybrid View

  1. #1
    Just burned his ISO
    Join Date
    Jun 2008
    Posts
    7

    Thumbs down Using Nmap

    Is it possible to scan a system anywhere on internet using Nmap??

    Or is it only for scaning machines on local network..?

    Is ther any apps to scan systems on internet?

  2. #2
    Developer
    Join Date
    Mar 2007
    Posts
    6,118

    Default

    This kids is a obvious example of complete laziness and a blatant lake of RTFM.

  3. #3
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Default

    Sure feel free to to scan anything on the internet with Nmap that you want to. When your internet connection gets canceled, you can try to explain to mommy & daddy why they can't get their email anymore.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  4. #4
    Just burned his ISO
    Join Date
    Jun 2008
    Posts
    7

    Default

    I asked because, in tutorials i have seen nmap using to scan only local networks.

  5. #5
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Default

    Quote Originally Posted by ranees View Post
    I asked because, in tutorials i have seen nmap using to scan only local networks.
    That's because most of the time, it's explicitly against the TOS/AUP of your ISP to be conducting recon against other networks. And there are people out there (like me) that detect such things and report them to their ISP's and have their accounts canceled for violating the TOS/AUP.

    Basically, you have no business running nmap against a network across the internet without explicit permission of the network owner and your ISP.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  6. #6
    Just burned his ISO
    Join Date
    Jun 2008
    Posts
    7

    Default

    Then how criminals attack into machines over internet??

  7. #7
    Senior Member secure_it's Avatar
    Join Date
    Feb 2010
    Location
    在這兩者之間 BackTrack是4 FwdTrack4
    Posts
    854

    Thumbs up

    Quote Originally Posted by ranees View Post
    Is it possible to scan a system anywhere on internet using Nmap??

    Or is it only for scaning machines on local network..?

    Is ther any apps to scan systems on internet?
    the Nmap post which you are talking about points to vulnerability assessment.its Active scan and detectable by firewalls and IDS/IPS systems so if you are going to use your creativity with Nmap on WAN then chances your ISP may show his creativity on you.its VA tool for assessing security holes in a particular network after legally signed a Non-Disclosure Agreement between Pen-Tester and the party.read more @ www.insecure.org

  8. #8
    Just burned his ISO
    Join Date
    Jun 2008
    Posts
    7

    Default

    Thanks for your replies..

    So If i have an agrement with the target person to do pen-test , it wont be considered as crime..right?
    Actually i want to practice it over internet as a part of my research in Security Vulnerabilities.

  9. #9
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Default

    Quote Originally Posted by ranees View Post
    Thanks for your replies..

    So If i have an agrement with the target person to do pen-test , it wont be considered as crime..right?
    Actually i want to practice it over internet as a part of my research in Security Vulnerabilities.
    Not only with the intended target but also with your own ISP, as most ISP don't look to favorably upon people conducting such things across their network.

    Make sure you get the agreement in writing from someone that actually has the authority to make the decision.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  10. #10
    Senior Member secure_it's Avatar
    Join Date
    Feb 2010
    Location
    在這兩者之間 BackTrack是4 FwdTrack4
    Posts
    854

    Thumbs up

    Quote Originally Posted by ranees View Post
    Thanks for your replies..

    So If i have an agrement with the target person to do pen-test , it wont be considered as crime..right?
    Actually i want to practice it over internet as a part of my research in Security Vulnerabilities.
    I won't advice you to go and pen-test over the internet like sitting at home.every company is having its own extranet and intranet.if you want to perform external PT then make a confidential legal agreement in between you and the company representative for avoiding the legal conflicts later.as streaker said.there is a lot of things involved while doing this,ISP,other users etc. cause multiple instance of nmap can bring down the resources and can lead to violation of avaliability.

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •