Nmap Development mailing list archives

[patch] Re: nmap-3.7x MUCH slower than nmap-3.55 against firewalled hosts


From: Martin Mačok <martin.macok () underground cz>
Date: Sun, 19 Dec 2004 14:16:43 +0100

No more! :-) I have stopped talking and implemented my own
suggestions. The results look great so far - nmap-3.78 now seems even
faster than nmap-3.55 in scenarios I was complaining about.

On Thu, Dec 16, 2004 at 01:22:32PM +0100, Martin Mačok wrote:

> Which suggests that clever implementation shouldn't be waiting for
> an ICMP response for *every* port

See attached nmap-3.78-defeat_ICMP_ratelimit.patch

Basically, it should avoid recomputing of RTT (and number of
retransmissions) when it receives ICMP unreachable in scantypes
that shouldn't need ICMP response for every port (i.e. when getting
nothing or getting ICMP unreachable does not end in different port
state).

I hope it does not break anything. Please review and test it.

> You're right that adding more explicit controls over the maximum
> number of retransmissions may be worthwhile.

See nmap-3.78-option-max_retransmissions.patch

I have limited max number of retransmissions from 13 to 10 by default
and set to even lower number when -T4 or -T5 is used. User can
explicitly set it with --max_retransmissions (must be >=0).

See nmap-3.78-cosmetics.patch too.

Thank you

Martin Mačok
IT Security Consultant

Attachment: nmap-3.78-cosmetics.patch

Attachment: nmap-3.78-defeat_ICMP_ratelimit.patch

Attachment: nmap-3.78-option-max_retransmissions.patch

---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to 
nmap-dev-help () insecure org . List archive: http://seclists.org