Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: tcpwrapper hassle

From: Richard Sammet <richard.sammet () googlemail com>
Date: Mon, 30 Nov 2009 13:55:13 +0100
Hi Edin,

you should have  look at the "--min-hostgroup/max-hostgroup <size>:
Parallel host scan group sizes" option.

By setting the hostgroup to a maximum of e.g. 16, nmap will only scan
16 hosts in parallel and after done so it will save the results for
those 16 hosts to the log before going on to scan the next 16 hosts.

This way you are not going to lose that much result data in case of  failure...

You should also keep in mind that speeding up a scan will cause you
miss some open ports/services. especially if you decide to reduce the
timeout values... So its really decision between speed an accuracy...


Greetings,
Richard


On Mon, Nov 30, 2009 at 8:00 AM, Edin Dizdarevic <edind () gmx de> wrote:

Hello list,

what I experienced recently was a huge flat ground /16 network with many
 nodes using tcpwrapper. Some of them were simply showing almost all ports
open which just took a lot, I mean _really_ lots of time to scan.

First of all I did not expect so many nodes the customer neither - and then
(before writing down the scan(!)) nmap crashed a few times consuming 2GB
ram.

Is there any other, smarter approach than it was mine - I assume there is -
to cope with such stuff?

The facts/prerequisites for the job were:

* Sensitive environment, no aggressive scans allowed but T4 was fine
* /16 Network, unknown number of nodes (it came out 1500)
* Full TCP and UDP scan with service and OS recognition required
* Many systems showing almost all TCP ports open (tcpwrapped)

The hints I found in the nmap book about speeding up TCP and UDP scans were
extremely helpful but in this case it did not help me that much at the end
of the day. (But nice book... ;-))

Regards,
Edin
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: