Nmap Development mailing list archives
Re: [nmap-svn] r13720 - nmap-exp/ithilgore/ncrack
From: ithilgore <ithilgore.ryu.l () gmail com>
Date: Sun, 14 Jun 2009 02:44:19 +0300
Fyodor wrote:
On Fri, Jun 12, 2009 at 04:27:10PM -0700, commit-mailer () insecure org wrote:Log: Initial ideal parallelism is calculated based on min_connection_limit and max_connection_limit and a desired parallelism value based on the timing template. Modified: nmap-exp/ithilgore/ncrack/ncrack.cc ============================================================================== --- nmap-exp/ithilgore/ncrack/ncrack.cc (original) +++ nmap-exp/ithilgore/ncrack/ncrack.cc Fri Jun 12 16:27:10 2009 @@ -590,10 +590,25 @@ /* * If that was our first connection and successfully made it up to the point of * completing an authentication, then calculate initial ideal_parallelism (which - * was 1 previously) based on the min_connection_limit and max_connection_limit. + * was 1 previously) based on the box of min_connection_limit, max_connection_limit + * and a default desired parallelism for each timing template. */ if (serv->just_started == true) { - serv->ideal_parallelism = (serv->min_connection_limit + serv->max_connection_limit) / 2; + long desired_par = 1; + if (o.timing_level == 0) + desired_par = 1; + else if (o.timing_level == 1) + desired_par = 3; + else if (o.timing_level == 2) + desired_par = 4; + else if (o.timing_level == 3) + desired_par = 10; + else if (o.timing_level == 4) + desired_par = 15; + else if (o.timing_level == 5) + desired_par = 20; + + serv->ideal_parallelism = box(serv->min_connection_limit, serv->max_connection_limit, desired_par);Hi Ithilgore. Just some thoughts which came into my head while reading your patch: One idea is to stick with a max parallelism of 1 per service for timing levels 1 and 2. After all, even -T2 is "polite" mode in Nmap parlance. And pounding a service with multiple brute force authentication connections at once is arguably not polite. A higher global number may be reasonable though.
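Review bot: The if/else chain on o.timing_level in this hunk hard-codes the desired parallelism values (1, 3, 4, 10, 15, 20) inline in ncrack.cc, away from wherever min_connection_limit and max_connection_limit are set per template. Consider a switch or a small lookup table indexed by timing level, or storing the desired value next to the limits, so the three numbers that feed box() are defined and tuned together. The o.timing_level == 0 branch is redundant because desired_par is already initialised to 1, and any timing_level outside 0-5 silently keeps that 1; a short comment stating that the fallback is intentional would help.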
Point taken. iirc Nmap also does something similar. I am going to change that.
Also, I would consider a bigger difference between T3 and T5. If T3 is 10, T5 can maybe be 50. It is "insane mode" after all :). Also, it is again important to differentiate between the allowed parallelism for a single service and for all services being cracked concurrently.
Yes, ideal_parallelism belongs to each service. There is another global variable (that is stored in ServiceGroup) that holds the total number of parallelism for all services.
Also, I realize that these are desired parallelism values above rather than maximum limits.
Indeed. The maximum and minimum limits are calculated at the time the timing template is applied, which happens in services.cc like this:

void
prepare_timing_template(timing_options *timing)
{
  //TODO: select optimal values
  if (!timing)
    fatal("%s invalid pointer!\n", __func__);

  if (o.timing_level == 0) { /* Paranoid */
    timing->min_connection_limit = 1;
    timing->max_connection_limit = 1;
    timing->auth_tries = 3;
    timing->connection_delay = 10000; /* 10 secs */
    timing->connection_retries = 1;
    if (o.connection_limit == -1)
      o.connection_limit = 50;
  } else if (o.timing_level == 1) { /* Sneaky */
    timing->min_connection_limit = 2;
    timing->max_connection_limit = 4;
    timing->auth_tries = 3;
    timing->connection_delay = 7500;
    timing->connection_retries = 1;
    if (o.connection_limit == -1)
      o.connection_limit = 150;
  } else if (o.timing_level == 2) { /* Polite */
    timing->min_connection_limit = 3;
    timing->max_connection_limit = 5;
    timing->auth_tries = 5;
    timing->connection_delay = 5000;
    timing->connection_retries = 1;
    if (o.connection_limit == -1)
      o.connection_limit = 500;
  } else if (o.timing_level == 4) { /* Aggressive */
    timing->min_connection_limit = 10;
    timing->max_connection_limit = 40;
    timing->auth_tries = 10;
    timing->connection_delay = 0;
    timing->connection_retries = 15;
    if (o.connection_limit == -1)
      o.connection_limit = 3000;
  } else if (o.timing_level == 5) { /* Insane */
    timing->min_connection_limit = 15;
    timing->max_connection_limit = 1000;
    timing->auth_tries = 10;
    timing->connection_delay = 0;
    timing->connection_retries = 20;
    if (o.connection_limit == -1)
      o.connection_limit = 10000;
  } else { /* Normal */
    timing->min_connection_limit = 7;
    timing->max_connection_limit = 30;
    timing->auth_tries = 6;
    timing->connection_delay = 0;
    timing->connection_retries = 10;
    if (o.connection_limit == -1)
      o.connection_limit = 1500;
  }
}

o.connection_limit is the global variable you were referring to previously and the others are defaults for each template that will be applied to each service separately (but that can be overridden by the user with the relevant option specification). Also as you can see, these are not final values and things are surely going to change as more testing is being done and more modules are being written.
Cheers, -F
Regards, ithilgore