topic NMAP rescan interval in Network Access Control

NMAP rescan interval

Oliver Laue — Thu, 15 Apr 2021 12:25:56 GMT

Hi,

if NMAP is used for Profiling devices is there some kind of interval which reruns the scan to check if the device is still the same.

I know there is some kind of overload protection for the Node but is there some kind of verification like (if nmap last scan time is older than x) to ensure the scan did not run to often against a single MAC.

Re: NMAP rescan interval

balaji.bandi — Thu, 15 Apr 2021 13:04:13 GMT

NMAP Scans for Unknown MAC Address while probing - you can do manual probing also. it all depends how you configure, some reference .

https://www.cisco.com/c/en/us/td/docs/security/ise/2-1/admin_guide/b_ise_admin_guide_21/b_ise_admin_guide_20_chapter_010100.html

Re: NMAP rescan interval

thomas — Thu, 13 May 2021 21:06:04 GMT

ISE should only perform an NMAP scan once per authentication.

It's purpose is to authenticate and profile devices upon connection - not to be a vulnerability scanner.

You should use a different security service for ongoing port detection and vulnerability scanning.