Nmap Development mailing list archives
Re: PortBunny - FX and Fabs at 24C3
From: Fyodor <fyodor () insecure org>
Date: Sun, 13 Jan 2008 21:21:46 -0800
On Sun, Jan 13, 2008 at 11:42:21PM -0500, Tyler Reguly wrote:
Interesting to see this thread here... I actually spent this evening doing a comparison between Unicornscan, PortBunny and nmap. The results can be found here: http://www.computerdefense.org/?p=440
Thanks for sharing! It is nice to see some independent results. I was glad to see that Nmap was the only scanner to get all the ports right with its default options, while both PortBunny and UnicornScan missed ports. Nmap missed ports when you specified "-T5 --max-retries 0", but there you are asking for it. There is a reason that -T5 is documented as "Insane mode" :). A good way to look at your results (IMHO) is in the total time taken across all five machines compared to the total ports missed. I only worried about the "all ports" scans, because I'm not even sure that the other scanners scan the same ports by default as Nmap does. From your table I get: Scanner | Total Time | Missed ports ---------------------------------------------------- UnicornScan | 88.96s | 6 PortBunny | 2667.08s | 2 Nmap | 1617.01 | 0 Nmap -T5 --max-retries 0 | 62.27 | 2 Very interesting! So with default options, Nmap was the most accurate out of all of them and still was much faster than PortBunny. And with "-T5 --max-retries 0", Nmap was the fastest of them all, and still tied PortBunny in accuracy while taking barely 1 minute compared to 44 minutes for PortBunny. I'll try not to let this get to my head :). I hope you add some textual analysis to your data, as many people find it hard to read pure stats. Also I have some suggestions for improving your table at http://www.computerdefense.org/wp-content/uploads/2008/01/comparison.jpg if you find time: o you could add a "total" time column at the end o you could add a "total missed ports" column after that o you could put times in red for cases where ports were missed (I'd put the total missed ports in read too if nonzero). Anyway, thanks for posting your independent data. Isn't it strange how it came out a lot differently than all the examples in the PortBunny presentation? Cheers, Fyodor _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- PortBunny - FX and Fabs at 24C3 kx (Jan 05)
- Re: PortBunny - FX and Fabs at 24C3 Fyodor (Jan 13)
- Re: PortBunny - FX and Fabs at 24C3 Brandon Enright (Jan 13)
- Re: PortBunny - FX and Fabs at 24C3 doug (Jan 13)
- Re: PortBunny - FX and Fabs at 24C3 bensonk (Jan 13)
- Re: PortBunny - FX and Fabs at 24C3 Tyler Reguly (Jan 13)
- Re: PortBunny - FX and Fabs at 24C3 Fyodor (Jan 13)
- Re: PortBunny - FX and Fabs at 24C3 Tyler Reguly (Jan 13)
- Re: PortBunny - FX and Fabs at 24C3 Tyler Reguly (Jan 14)
- Re: PortBunny - FX and Fabs at 24C3 Brandon Enright (Jan 13)
- Re: PortBunny - FX and Fabs at 24C3 Fyodor (Jan 13)
- Re: PortBunny - FX and Fabs at 24C3 Martin Mačok (Jan 15)
- <Possible follow-ups>
- Re: PortBunny - FX and Fabs at 24C3 Robert E. Lee (Jan 24)