Nmap Development mailing list archives

Re: anyone aware of this?


From: David Fifield <david () bamsoftware com>
Date: Sun, 15 Nov 2009 20:58:00 -0700

On Fri, Oct 23, 2009 at 10:14:17AM +0200, kx wrote:
> Mike,
>   If you are on an ethernet LAN you may be able to try this technique
> for scanning your own Windows machine:
>
> http://seclists.org/nmap-dev/2006/q1/318
>
> David Fifield and Fyodor have done some UDP payload development and
> ping probe testing:
>
> http://seclists.org/nmap-dev/2009/q2/490
> http://seclists.org/nmap-dev/2009/q3/22
>
> David and Fyodor,
>   Would you still have the testing framework available to see if the
> performance of certain UDP probes improves when the source port
> matches the dest port?

I thought I had all the scripts used to get the results, but I can't
find them all. Luckily the ones that are missing should be easy to
replace. My overall methodology is here:

http://www.bamsoftware.com/wiki/Nmap/EffectivenessOfPingProbes

I just uploaded the analysis scripts to that page too. I don't still
have the netrange.nse script, but it's easy to make from whois.nse. I
use the nmap-bench program for all kinds of benchmarking, not just ping
probe effectiveness. It makes it easy to run the same commands multiple
times on different machines.

We tested different source ports, and setting a source port tends to
increase effectiveness. We didn't try setting the source port always
equal to the destination port.

David Fifield