The Nmap Security Scanner was built to efficiently scan large networks, but Nmap's author Fyodor took this to a new level by scanning millions of Internet hosts during the Summer of 2008 as part of the Worldscan project. In this presentation given at the Black Hat Briefings and Defcon (August 2008), he presents the most interesting findings and empirical statistics from these scans, along with practical advice for improving your own scan performance. An overview of new Nmap features is also provided, including the Nmap Scripting Engine, Zenmap UI, new performance options, Ncat, and Ndiff. Most of these features are now available in Nmap 4.75 and later (download page, Changelog).
Presentation VideoPresentation video is available in several formats. The most convenient is probably the streaming Flash version:
A higher quality 640x320 (45 MB) MPEG4 video download is available: fyodor-nmap-dc16-640x320.avi
A 1200x600 187 MB QuickTime version is also available, but that is probably overkill. The smaller 640x320 version is recommended.
Slides and Audio
Presentation slides (PDF): bhdc08-slides-fyodor.pdf.
Presentation audio (11MB MP3): fyodor-nmap-dc16.mp3
The (old) slides for the June 26, 2008 Inagural Black Hat Webcast are here in PDF format.
If you enjoyed this talk, you might enjoy other talks listed on Fyodor's Presentation Page. Or head to the man pages of Insecure.Org or Nmap.Org.