I have been thinking about putting in nmap discovery of ports and monitor to see if ports change, e.g. new ports open, open ports shut.
To some degree it may be more important to know that an HTTP port opened on a router, or an SMTP port on a server, as that may represent a security issue developing rather than when a port closes which may just be an outage.
However, before I head down that path...
Has anyone done this, and if so, did you find that various anti-maleware tools then got triggered?
I.e. any real-world usage insights to suggest, perhaps which are safer nmap options to use to prevent false alarms in intrusion monitoring software in general? Or frequency or speed of scan?
(I'm already worried about the 30 second timeout in external scrips and nmap).
To some degree it may be more important to know that an HTTP port opened on a router, or an SMTP port on a server, as that may represent a security issue developing rather than when a port closes which may just be an outage.
However, before I head down that path...
Has anyone done this, and if so, did you find that various anti-maleware tools then got triggered?
I.e. any real-world usage insights to suggest, perhaps which are safer nmap options to use to prevent false alarms in intrusion monitoring software in general? Or frequency or speed of scan?
(I'm already worried about the 30 second timeout in external scrips and nmap).