Full Disclosure mailing list archives

Re: Exploring the UNKNOWN: Scanning the Internet via SNMP!


From: Enno Rey <erey () ernw de>
Date: Wed, 5 Mar 2008 15:00:08 +0100

Hi,

all due to the unreliable nature of UDP.

But the most important thing is, that if you do it large scale*,
you have to wait for some sort of reply anyways,
either TCP SYN|ACK or some application data. This time of "waiting"
can be used to SYN/request yet another 10,000 hosts.
Thus, how fast a scanner is does not depend on UDP or TCP,
it depends on the upper protocols.

it mainly depends on the implementation of the scanner.
We did some large-scale Internet SNMP scanning some time ago
[see http://www.ernw.de/content/e7/e181/e671/download690/ERNW_026_SNMP_HitB_Dubai_2007_ger.pdf] and used our own
scanning tool [http://www.ernw.de/download/snmpattack.pl].
Within the different releases of the tool there were _big_ differences in scanning speed.

thanks,

Enno

-- 
Enno Rey

Check out www.troopers08.org!


ERNW GmbH - Breslauer Str. 28 - 69124 Heidelberg - www.ernw.de
Tel. +49 6221 480390 - Fax 6221 419008 - Cell +49 173 6745902
PGP FP 055F B3F3 FE9D 71DD C0D5  444E C611 033E 3296 1CC1

Commercial Register Heidelberg: HRB 7135
Managing Directors: Roland Fiege, Enno Rey

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

