Nmap Development mailing list archives
Re: what trickery can nmap take 20 hours to scan 1 host!!
From: Jan Engelhardt <jengelh () linux01 gwdg de>
Date: Mon, 23 Apr 2007 12:19:16 +0200 (MEST)
Hi,

On Apr 23 2007 10:14, Hari Sekhon wrote:

> thanks for your replies guys, I am aware of timing settings, I usually use -T4 locally but leave -T3 for cross-internet. I had a peek at that URL regarding chaostables. It looks interesting but it doesn't explain how it foils port scanners.

http://jengelh.hopto.org/p/chaostables/fw.html#se7 Section 7, I quote myself: "When the rate limit kicks in, nmap throttles its scan timing to accommodate for this to not lose scan result accuracy."

> Also, isn't nmap just supposed to give up and move on to the next port if it doesn't get a response? If it does get a response then it should move straight on to the next port since it doesn't need to reply,

With increased -T n, yes, it moves on quicker - but at the cost of missing late packets. That is correct. But xt_CHAOS(!) returns something (using DELUDE/TARPIT) *sometimes*, and sometimes *not*, making nmap wait on roughly 98% of all ports (by default) [and giving back false results for the other 1-2%]. xt_DELUDE or ipt_TARPIT alone do not slow it, as you noticed:

> therefore tarpit persist tricks don't work (I know I've tried scanning a tarpit of mine, I scanned all 65535 ports in seconds because the time-wasting packets were ignored in the SYN scan)
>
> I'm still at a bit of a loss here. I suppose it's possible that a bot-ridden computer didn't have the resources to respond, but I would still expect nmap to move on after a little time, hence it should never take 20 hours to scan 1 host...
>
> -h Hari Sekhon

Jan
--
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
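The mechanism Jan describes above (replies that arrive only sometimes, so the scanner keeps retransmitting and waiting on nearly every port, whereas DELUDE or TARPIT on their own answer every probe and let a full-range scan finish in seconds) can be checked with a simplified model of an nmap-style SYN scan. The following is an added example written for this archive page; it is not code from nmap, from chaostables, or from either poster. The retry budget and RTT timeouts are nmap's documented -T3 defaults; the parallelism bounds, the 50 ms link round trip, the batch-based time accounting and the 2% per-probe reply rate used for CHAOS are assumptions of the model.

```python
import random
from collections import deque
from dataclasses import dataclass

# Timing values taken from nmap's documented -T3 defaults. Everything else in
# this file is a simplified model written for this thread, not nmap's own code.
INITIAL_RTT_TIMEOUT = 1.0   # --initial-rtt-timeout default (seconds)
MIN_RTT_TIMEOUT = 0.1       # --min-rtt-timeout default
MAX_RTT_TIMEOUT = 10.0      # --max-rtt-timeout default
MAX_RETRIES = 10            # --max-retries default at -T3
# Assumed parallelism bounds and link RTT (not nmap's exact values).
MIN_CWND, INITIAL_CWND, MAX_CWND = 10, 10, 300
LINK_RTT = 0.05


@dataclass
class Target:
    """A firewall policy, reduced to how often a SYN probe draws any reply.

    reply_probability=1.0 models DELUDE or TARPIT on their own (every SYN gets a
    SYN/ACK); 0.02 models CHAOS, which answers a small random fraction of probes
    with DELUDE/TARPIT and stays silent on the rest (assumed rate).
    """
    name: str
    reply_probability: float


@dataclass
class ScanResult:
    target: str
    elapsed_seconds: float   # simulated wall-clock time of the scan
    probes_sent: int
    reported_open: int       # ports that drew a SYN/ACK (all of them fake here)
    reported_filtered: int   # ports that exhausted the retry budget in silence


def simulate_syn_scan(target: Target, ports: int = 65535, seed: int = 7) -> ScanResult:
    rng = random.Random(seed)
    pending = deque((port, 0) for port in range(1, ports + 1))   # (port, tryno)
    srtt = rttvar = None
    timeout = INITIAL_RTT_TIMEOUT
    cwnd = INITIAL_CWND
    elapsed, probes, opened, filtered = 0.0, 0, 0, 0
    while pending:
        batch = [pending.popleft() for _ in range(min(cwnd, len(pending)))]
        replies = 0
        for port, tryno in batch:
            probes += 1
            if rng.random() < target.reply_probability:
                replies += 1
                opened += 1            # SYN/ACK seen: the port is reported open
                if tryno == 0:         # Karn's rule: only first-try replies feed the RTT estimate
                    if srtt is None:
                        srtt, rttvar = LINK_RTT, LINK_RTT / 2
                    else:
                        rttvar = 0.75 * rttvar + 0.25 * abs(srtt - LINK_RTT)
                        srtt = 0.875 * srtt + 0.125 * LINK_RTT
                    timeout = min(MAX_RTT_TIMEOUT, max(MIN_RTT_TIMEOUT, srtt + 4 * rttvar))
            elif tryno < MAX_RETRIES:
                pending.append((port, tryno + 1))   # silence: retransmit later
            else:
                filtered += 1          # retry budget exhausted without any reply
        # All probes of a batch are in flight together, so the batch costs one
        # round trip when everything answered and one full timeout otherwise.
        elapsed += LINK_RTT if replies == len(batch) else timeout
        # Congestion control: open the window on clean batches, halve it on loss.
        if replies == len(batch):
            cwnd = min(MAX_CWND, cwnd + replies)
        else:
            cwnd = max(MIN_CWND, cwnd // 2)
    return ScanResult(target.name, elapsed, probes, opened, filtered)


if __name__ == "__main__":
    for policy in (Target("DELUDE/TARPIT alone", 1.0), Target("CHAOS (2% replies)", 0.02)):
        r = simulate_syn_scan(policy)
        print(f"{r.target:22} {r.elapsed_seconds:9.0f} s  {r.probes_sent:7d} probes  "
              f"{r.reported_open:5d} open  {r.reported_filtered:5d} filtered")
```

Run as a script it prints one line per policy. Against DELUDE/TARPIT alone every port answers on the first try, the window opens to its maximum and the whole range is covered in a few hundred batches, which is why Hari's tarpit was scanned in seconds (with every port wrongly reported open). Against the CHAOS-style target almost every batch contains a drop, so the window stays at its minimum and nearly every port burns its full retry budget, one timeout per retransmission. Two side effects of retransmission are worth noting: the occasional real replies pull the RTT timeout down to its floor, so the model's cost per probe is bounded by the minimum timeout rather than the initial one, and a port that is retried ten times at a 2% reply rate has roughly a one-in-five chance of drawing a fake SYN/ACK at some point, so the share of ports reported open ends up well above the per-probe 2%.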
Current thread:
- what trickery can nmap take 20 hours to scan 1 host!! Hari Sekhon (Apr 19)
- Re: what trickery can nmap take 20 hours to scan 1 host!! DePriest, Jason R. (Apr 20)
- Re: what trickery can nmap take 20 hours to scan 1 host!! Jan Engelhardt (Apr 21)
- Re: what trickery can nmap take 20 hours to scan 1 host!! DePriest, Jason R. (Apr 21)
- Re: what trickery can nmap take 20 hours to scan 1 host!! Jan Engelhardt (Apr 21)
- Re: what trickery can nmap take 20 hours to scan 1 host!! Hari Sekhon (Apr 23)
- Re: what trickery can nmap take 20 hours to scan 1 host!! Jan Engelhardt (Apr 23)
- Re: what trickery can nmap take 20 hours to scan 1 host!! DePriest, Jason R. (Apr 23)
- Re: what trickery can nmap take 20 hours to scan 1 host!! Jan Engelhardt (Apr 21)
- Re: what trickery can nmap take 20 hours to scan 1 host!! DePriest, Jason R. (Apr 20)