Nmap Development mailing list archives
Re: [NSE] external category anticipated load
From: John Bond <john.r.bond () gmail com>
Date: Mon, 23 Apr 2012 23:07:27 +0200
On 21 April 2012 10:32, Fyodor <fyodor () insecure org> wrote:
On Wed, Apr 18, 2012 at 11:50:57AM +0200, John Bond wrote:I am have written a script which makes use of an external service. The script would be a replacement/compliment to asn-query, targets-asn and whois. however there is worry that the increased load would take down the service. in an effort to try and gauge this i wanted to ask if there is anyone here who would be able to give a good estimate of the number of requests one should expect to see from a script placed in the safe, external and discovery category.Hi John. It would certainly be interesting data, but we don't run any of the 'external' services ourselves and so we don't have it. You could try asking the providers of some of the other 'external' scripts. I doubt the load will be all that high, but it could be material if the service requires a lot of resources per lookup to fulfill it's function. Also, if the service is getting overloaded by queries from Nmap and they aren't happy about it, we could remove the script from future versions of Nmap and move it to our "script vault". I imagine that those scripts only get a tiny fraction of the usage seen by the ones which ship with Nmap.Another concern raised by the service provider was that they would have a record of everyone nmap user that used there service (i.e. web logs). Is this a genuine worry, has it come up before for other external services?That is definitely a concern, and it is why we require that scripts like this be in the "external" category. That way, if folks want to avoid this information leak, they can do thing like "--script 'discovery and not external'". In most cases, I think the privacy risk is mild compared to much of our other common Internet activity. But for particularly sensitive scans, it might matter.Finally the service provider would want to include, in the output, a line stating that the results were provided by them. Would this be acceptable?We wouldn't want advertising, but it's possible that this could be structured so that it meets the company's goals and is actually useful to Nmap users too. After all, it is often important to know the source of your data. Of course we always include the data source in the NSEDoc information. Mentioning the data source in the output, especially if it only takes an extra word or two, might be reasonable. Also, for some scripts, the name of the data source is included in the NSE script name itself. Of course, to evaluate a new script like this, we'd have to see what benefits it offers over the existing asn-query, targets-asn, and whois.
Thanks for the feedback _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [NSE] external category anticipated load John Bond (Apr 18)
- Re: [NSE] external category anticipated load David Fifield (Apr 19)
- Re: [NSE] external category anticipated load John Bond (Apr 19)
- Re: [NSE] external category anticipated load Fyodor (Apr 21)
- Re: [NSE] external category anticipated load John Bond (Apr 23)
- Re: [NSE] external category anticipated load David Fifield (Apr 19)