Re: [NSE] external category anticipated load

[John Bond <john.r.bond () gmail com>]

Hi David,

On 19 April 2012 21:45, David Fifield <david () bamsoftware com> wrote:
> On Wed, Apr 18, 2012 at 11:50:57AM +0200, John Bond wrote:
> > Hello Nmap hackers,
> >
> > I am have written a script which makes use of an external service.
> > The script would be a replacement/compliment to asn-query, targets-asn
> > and whois.  however there is  worry that the increased load would take
> > down the service.  in an effort to try and gauge this i wanted to ask
> > if there is anyone here who would be able to give a good estimate of
> > the number of requests one should expect to see from a script placed
> > in the safe, external and discovery category.
>
> So what's the problem exactly? This some new third-party service that
> aggregates the information already available from different sources? And
> this new service can't handle as much traffic as those other sources,
> but might be more convenient because it gives all the answers at once?
The third party has all the data of these plugins plus a few more;
however the service provider is unsure how much traffic it can take.
they want to support the plugin but want to test their infrastructure
first to ensure it is capable of handeling the load.  I suspect/hope
if it is not they would increase performance so it could.; however
they would not want to release a tool which caused there site to go
down and there for had an effect on their reputation
> > Another concern raised by the service provider was that they would
> > have a record of everyone nmap user that used there service (i.e. web
> > logs).  Is this a genuine worry, has it come up before for other
> > external services?
>
> That's why the external category exists. Any of the externals services
> we use could potentially be logging everything. It's a bit worse if this
> new service is set up exclusively for Nmap use; then it's likely that
> any query the service receives was also the target of a port scan.
that is what i assumed.  the service is not set up exclusively for
nmap so thats not a problem.  I assumed that was what the external
category was for however most external scripts are also in other
categories e.g. safe, discovery.  My personal optinoin is people
should not be running script categories unless they know, or have a
good idea of the type of scripts they are running.  But i wanted to
get the opinion of others

> > Finally the service provider would want to include, in the output, a
> > line stating that the results were provided by them.  Would this be
> > acceptable?
>
> Speaking for myself, I would find that annoying.
I agree, and think this could end up being a crippling punch, although
it could be negociable

cheers
John
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/