Nmap Development mailing list archives
Re: tcpwrapper hassle
From: Richard Sammet <richard.sammet () googlemail com>
Date: Mon, 30 Nov 2009 13:55:13 +0100
Hi Edin, you should have look at the "--min-hostgroup/max-hostgroup <size>: Parallel host scan group sizes" option. By setting the hostgroup to a maximum of e.g. 16, nmap will only scan 16 hosts in parallel and after done so it will save the results for those 16 hosts to the log before going on to scan the next 16 hosts. This way you are not going to lose that much result data in case of failure... You should also keep in mind that speeding up a scan will cause you miss some open ports/services. especially if you decide to reduce the timeout values... So its really decision between speed an accuracy... Greetings, Richard On Mon, Nov 30, 2009 at 8:00 AM, Edin Dizdarevic <edind () gmx de> wrote:
Hello list, what I experienced recently was a huge flat ground /16 network with many nodes using tcpwrapper. Some of them were simply showing almost all ports open which just took a lot, I mean _really_ lots of time to scan. First of all I did not expect so many nodes the customer neither - and then (before writing down the scan(!)) nmap crashed a few times consuming 2GB ram. Is there any other, smarter approach than it was mine - I assume there is - to cope with such stuff? The facts/prerequisites for the job were: * Sensitive environment, no aggressive scans allowed but T4 was fine * /16 Network, unknown number of nodes (it came out 1500) * Full TCP and UDP scan with service and OS recognition required * Many systems showing almost all TCP ports open (tcpwrapped) The hints I found in the nmap book about speeding up TCP and UDP scans were extremely helpful but in this case it did not help me that much at the end of the day. (But nice book... ;-)) Regards, Edin _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- tcpwrapper hassle Edin Dizdarevic (Nov 30)
- Re: tcpwrapper hassle Richard Sammet (Nov 30)
- <Possible follow-ups>
- Re: Fwd: Re: tcpwrapper hassle securityfocus () truesec de (Nov 30)