Re: faster scans? (nmap)

From: Yann Berthier (Yann.Berthier@hsc.fr)
Date: 06/03/02


Date: Mon, 3 Jun 2002 22:27:20 +0200
From: Yann Berthier <Yann.Berthier@hsc.fr>
To: pen-test@securityfocus.com

On Mon, 03 Jun 2002, Steve Maks wrote:

   [context lost thanks to top-posting :p]

> Take a look at the rtt options in nmap (min/max/initial_rtt_timeout), it's
> pretty much required to modify them when you are scanning hosts with -P0.
> Depending on your connection and the target's connection, you can greatly
> improve the scan speed.

   Yes, but one has to keep in mind it depends a lot on the network
   lossage: we have seen very unreliable results with nmap - on
   unreliable networks that is, but when doing a pentest, we can't
   refuse customers because they have bad connectivity, can we? :)

   So back to the subject: scanning large networks is a real problem as
   a pentester. It can take several nmap runs to adjust the rtt
   according to the lossage, and to have the most accurate snapshot of
   the tested network. And then we need to:

   . scan again with fixed source ports
   . scan once more while playing with the ttl

   All of this is very time consuming, and there is no handy solution I
   know. I think we need new paradigms here (yes, no less), but I'm sure
   some of you have already thought about this ...
    
   <sci-fi on>

   Imagine now an ipv6 world where /48 networks at least are the norm
   ...

   </sci-fi on>

   - yann.

-- 
   Yann.Berthier@hsc.fr -*- HSC -*- http://www.hsc.fr/
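The rtt tuning both posts talk about, as an added example that is not part of the thread: sample the path once with ping, read the loss and worst round-trip time out of its summary, and turn them into the rtt timeout flags, so the values do not have to be found by repeated trial scans. The multipliers are my own heuristic assumption, not an nmap recommendation, and the flags use nmap's current hyphenated spelling with explicit "ms" units.

```shell
#!/bin/sh
# Added example (not from the thread): derive nmap rtt timeouts from one
# ping sample. Multipliers below are a heuristic assumption.

# Constructed sample: the summary lines `ping -c 20 <host>` prints at the end.
SAMPLE_PING_STATS='20 packets transmitted, 17 packets received, 15.0% packet loss
round-trip min/avg/max/stddev = 40.123/85.456/210.789/30.1 ms'

# parse_loss STATS -> integer percentage of lost probes
parse_loss() {
    printf '%s\n' "$1" |
        sed -n 's/.*[ ,]\([0-9][0-9]*\)\(\.[0-9]*\)\{0,1\}% packet loss.*/\1/p'
}

# parse_max_rtt STATS -> worst round-trip time in whole milliseconds
# (matches BSD "round-trip min/avg/max" and Linux "rtt min/avg/max" lines)
parse_max_rtt() {
    printf '%s\n' "$1" |
        sed -n 's|.*min/avg/max[^=]*= *[0-9.]*/[0-9.]*/\([0-9][0-9]*\)\.[0-9]*.*|\1|p'
}

# nmap_timing_opts LOSS_PCT MAX_RTT_MS -> nmap timing flags as one string
# Heuristic: never time out below the worst rtt seen, start at 2x, cap at 4x;
# on a lossy link (>= 10% loss) double the initial and maximum timeouts so
# that lost probes are not reported as filtered ports. -P0 (no host
# discovery) is the spelling used in the thread; newer nmap calls it -Pn.
nmap_timing_opts() {
    loss=${1:-0}
    rtt=${2:-0}
    min=$rtt
    initial=$((rtt * 2))
    max=$((rtt * 4))
    if [ "$loss" -ge 10 ]; then
        initial=$((initial * 2))
        max=$((max * 2))
    fi
    printf '%s --min-rtt-timeout %sms --initial-rtt-timeout %sms --max-rtt-timeout %sms\n' \
        -P0 "$min" "$initial" "$max"
}

# suggest_nmap_timing HOST -> sample the path with ping, then print the flags
suggest_nmap_timing() {
    stats=$(ping -c 20 "$1" 2>/dev/null | tail -n 2)
    nmap_timing_opts "$(parse_loss "$stats")" "$(parse_max_rtt "$stats")"
}

# Run on the constructed sample so the script works offline:
nmap_timing_opts "$(parse_loss "$SAMPLE_PING_STATS")" "$(parse_max_rtt "$SAMPLE_PING_STATS")"
```

The printed flags are meant to be pasted in front of the usual scan options; on a link with heavy loss the same timeouts still need to be re-checked against a second, smaller scan before trusting the snapshot.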
