Cisco Cisco FirePOWER Appliance 8260
43-5
FireSIGHT System User Guide
Chapter 43 Configuring Active Scanning
Understanding Nmap Scans
Creating an Nmap Scanning Strategy
License:
FireSIGHT
While active scanning can obtain valuable information, overuse of a tool such as Nmap may overload
your network resources or even crash important hosts. When using any active scanner, you should create
a scanning strategy to make sure that you are scanning only the hosts and ports that you need to scan.
your network resources or even crash important hosts. When using any active scanner, you should create
a scanning strategy to make sure that you are scanning only the hosts and ports that you need to scan.
For more information, see the following sections:
•
•
•
Selecting Appropriate Scan Targets
License:
FireSIGHT
When you configure Nmap, you can create scan targets that identify which hosts you want to scan. A
scan target includes a single IP address, a CIDR block or octet range of IP addresses, an IP address range,
or a list of IP addresses or ranges to scan, as well as the ports on the host or hosts.
scan target includes a single IP address, a CIDR block or octet range of IP addresses, an IP address range,
or a list of IP addresses or ranges to scan, as well as the ports on the host or hosts.
You can specify targets in the following ways:
•
For IPv6 hosts:
•
an exact IP address (for example, 192.168.1.101)
•
For IPv4 hosts:
•
an exact IP address (for example, 192.168.1.101) or a list of IP addresses separated by commas or
spaces
spaces
•
an IP address block using CIDR notation (for example, 192.168.1.0/24 scans the 254 hosts between
192.168.1.1 and 192.168.1.254, inclusive)
192.168.1.1 and 192.168.1.254, inclusive)
For information on using CIDR notation in the FireSIGHT System, see
.
Default NSE Scripts
-sC
Timing Template
Select the timing of the scan process; the higher the number you select, the
faster and less comprehensive the scan.
faster and less comprehensive the scan.
0
:
T0
(paranoid)
1
:
T1
(sneaky)
2
:
T2
(polite)
3
:
T3
(normal)
4
:
T4
(aggressive)
5
:
T5
(insane)
Table 43-1
Nmap Remediation Options (continued)
Option
Description
Corresponding Nmap
Option
Option