Re: [Branch] --ignore-after

[Jay Bosamiya <jaybosamiya () gmail com>]

On Wednesday 30 July 2014 05:47 PM, Jacek Wielemborek wrote:
> Why would timing affect ouput at all?
The idea is to put it in the timing templates to increase the speed in
scanning. If you are scanning a set of systems using -T5, you probably
don't expect any system to have greater than 60 (say) ports open. It is
much more likely that the system has portspoof [1] or something similar
if more than 60 ports are open. There is no point in wasting time in
scanning (or running service detection on) such a system.
> I don't like completely skipping it in the list - the user should have a
> chance to notice that such a host is there so that she could e.g.
> re-scan it with -sV to get a more meaningful output.
I agree, however, I haven't modified Zenmap at all, yet. This is the
reason it doesn't show up.
I personally think showing the ignored hosts with a different colour
(maybe a grey) might be best.

Just to clarify: --ignore-after is not just an output modifying option.
Its main purpose is to speed up scans when there is a possibility that
the host might be using something similar to portspoof etc.

Links:
[1] http://portspoof.org/
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/