Nmap Development mailing list archives
Re: [NSE][PATCH] initialize NSE sockets based on timing_level
From: Fyodor <fyodor () insecure org>
Date: Wed, 17 Sep 2008 02:14:28 -0700
On Wed, Sep 17, 2008 at 10:28:46AM +0200, Sven Klemm wrote:
Hi everyone, currently all NSE sockets get initialized with a 30 second timeout. A lot of scripts override this with a static value while the DNS and HTTP library override based on nmap.timing_level(). The attached patch initializes all NSE sockets with a value based on nmap.timing_level(). The values used are 60s,30s,15s,10s,5s,3s.
Hi Sven. Thanks for the patch, but I'm concerned about this trend in general because I don't think we want every timing-related Nmap value to vary based on Timing Template. Only the most important ones, since we should only add this extra complexity where it makes a bid difference in scan speed. The first goal is to find a number which works well in all cases. If such a value can't be found, and the value is a very important one in determining scan times, then varying it based on timing templates can be considered. Maybe the socket timeout values are important enough to warrant this. But before applying anything like this, we need to see the examples of where the curent values are failing (e.g. what scripts are too slow, or so fast that they lose accuracy) and then the proposed new values need to be supported by empirical data or at least some sort of explanation as to where they came from. I think the range of 3s to 60s is probably way too much. I thought the new DNS timing range was way too much too, and so I reduced that. I think that time spent finding a good default is often more useful than defining a huge range based on -T values. So while changing the default socket timeouts may be worthwhile, I think applying a patch at this point would be premature. OTOH, the patch might spark a good discussion on improving the default timeouts. Cheers, -F _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- [NSE][PATCH] initialize NSE sockets based on timing_level Sven Klemm (Sep 17)
- Re: [NSE][PATCH] initialize NSE sockets based on timing_level Fyodor (Sep 17)