On 2003.10.27 09:45 Scott Harney wrote: > > From NMAP man page > http://www.insecure.org/nmap/data/nmap_manpage.html > " mission critical systems unless you are prepared to suffer > downtime. We acknowledge here that Nmap may crash your > systems or networks and we disclaim all liability for any > damage or problems Nmap could cause." >
What FUD. From the same manpage we have: "I have scanned hundreds of thousands of machines and have received only one complaint. But I am not a lawyer and some (anal) people may be annoyed by nmap probes. Get permission first or use at your own risk." The word anal sums things up well, except I think you are exaggerating the risks for some reason. You also neglected to include a little before your quote of that man page: "It should also be noted that Nmap has been known to crash certain poorly written applications, TCP/IP stacks, and even operating systems. Nmap should never be run against mission critical systems unless you are prepared to suffer downtime. We acknowledge here that Nmap may crash your systems or networks and we disclaim all liability for any damage or problems Nmap could cause." It is indeed a sorry OS that would let it's TCP/IP stack take it down. Sun had a problem where they made some applications look at a central site, and unplugging the computer would cause it to hang badly but not crash. I imagine that's what the link you pointed to refered to, when someone changed up nmap to be "agressive" and more like a DoS attack on the whole LAN. That kind of thing pales in comparison to other shoddy stuff from Redmond which can be taken out by hanging any application right down to a text editor. Moreover, you might note that most software comes with explicit indemnification for it's authors. Microsoft's EULA may not be as blunt but can be construed the same way like, "Microsoft should never run mission critical systems unless you are prepared to suffer downtime." I've never heard of any software vendor taking responsibility for their software. It's all run at your own risk.
