Nmap Development mailing list archives
Re: PortBunny - FX and Fabs at 24C3
From: bensonk () acm wwu edu
Date: Sun, 13 Jan 2008 17:38:16 -0800
Then, if somebody finds an exploit on your port scanner, it becomes a kernel-level exploit. Yeah, that sounds like a fantastic idea.

In response to the question about bloat: I think nmap is a perfect size. I *really* like the version scanning and the OS scanning. Generally when I'm port scanning something I want to know what it is, and what versions of things are running, so I generally use those options every time I scan.

Benson

On Sun, Jan 13, 2008 at 02:22:59PM -0800, doug () hcsw org wrote:
> On Sun, Jan 13, 2008 at 11:30:50AM +0000 or thereabouts, Brandon Enright wrote:
>>> o Fabs declares that "the kernel is a good place for a port scanner", and indeed PortBunny is a Linux-only kernel module. They suggest that you use a dedicated box and not run other Internet applications such as web browsers at the same time.
>>
>> This is a terrible idea. I think they did it in the kernel because they wanted to and went looking for excuses why it was a good idea later. If speed is all you're looking for, the Unicornscan guys sure seem to be doing well with their user-land distributed TCP/IP stack. There is absolutely no good reason to stuff a portscanner in the kernel.
>
> I agree, I think this is an astoundingly bad design decision. Not only is it Linux kernel X.Y.Z specific, but also likely to bring down your entire system in the event of a bug.
>
> I read through the slides because I was curious why they felt a kernel module was warranted but found no good explanation. They say that running in the kernel means that "Timing is as precise as it can get". I would be interested in the specifics of this (if there are any). On most systems (except Windows and AmigaOS), Nmap gets its packet arrival times from pcap which should mean it was measured in kernel anyways.
>
> I will be sticking with Nmap for the foreseeable future. :)
>
> Doug
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org