Extremely long scan times...

["Jones, David H" <Jones.David.H () principal com>]

Greetings... Long time user, first time poster.

I've done a lot of digging around (google, nmap command reference, etc),
and I just can't seem to find a way around this. Here's my dilemma:

I'm scanning a Cisco IOS Firewall interface for a security audit.  We
want to be able to report on all ports (-p1-65535).  Unfortunately,
shortly after the scan starts, I start seeing ICMP 3/13 messages
(Communication administratively filtered (ethereal)/Communication
administratively prohibited by filtering (nmap)) via ethereal or by
using --packet-trace in nmap.

After that message is received, nmap starts resending SYN packets to the
same port (up to six times in a row), and I'm assuming it also causes
nmap to throttle back.  This is causing the scan completion time to jump
to at least six hours almost immediately, which unfortunately is not
going to work for the project we're doing in the timeframe needed.

I just completed the same exercise on Checkpoint interfaces, with
exactly the same switches enabled for nmap, and the scans completed on
those interfaces in the neighborhood of 25-30 minutes.  While I did not
actually capture any packets during the Checkpoint scans, I'm assuming I
was not receiving the ICMP 3/13 messages.

So, to make a short question long, is there any way to force nmap to
ignore these ICMP messages, or to disable the automatic throttling and
just push through it?  I'm already using the -T4 switch, but even that
switch doesn't keep the pace up and at times generates the following
message from nmap itself; "Warning: Finishing early because
retransmission cap hit."  However, nmap continues to scan after that
point.

Any assistance would most definitely be appreciated!

Using: 
nmap v4.01
-P0
-sS
-T4
-p1-65535

Thanks in advance!


David Jones
Principal Financial Group
I/S Information Security
711 High Street
Des Moines, IA 50392-0257

Email:  jones.david.h () principal com
Phone:  515.362.2224  


-----Message Disclaimer-----

This e-mail message is intended only for the use of the individual or
entity to which it is addressed, and may contain information that is
privileged, confidential and exempt from disclosure under applicable law.
If you are not the intended recipient, any dissemination, distribution or
copying of this communication is strictly prohibited. If you have
received this communication in error, please notify us immediately by
reply email to Connect () principal com and delete or destroy all copies of
the original message and attachments thereto. Email sent to or from the
Principal Financial Group or any of its member companies may be retained
as required by law or regulation.

Nothing in this message is intended to constitute an Electronic signature
for purposes of the Uniform Electronic Transactions Act (UETA) or the
Electronic Signatures in Global and National Commerce Act ("E-Sign")
unless a specific statement to the contrary is included in this message.


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev