Nmap Development mailing list archives
Re: [Branch] --ignore-after
From: Fyodor <fyodor () nmap org>
Date: Sat, 16 Aug 2014 23:11:00 -0700
On Wed, Aug 13, 2014 at 6:52 PM, Fyodor <fyodor () nmap org> wrote:
On Wed, Jul 30, 2014 at 5:12 AM, Jay Bosamiya <jaybosamiya () gmail com> wrote: I think "80%,80" would be good for -T4. The "60%,60" value for -T5 sounds good to me.
Here it is only 3 days later and I'm already second guessing myself :). I'm starting to think that "50%,80" would be better for -T4. That way, for -F, we'd only ignore if at least 80 ports were open. And for a default (1,000 port) scan, we'd only skip if 500 or more were open. I think 500 open ports out of 1,000 is not a normal system and doing version detection and NSE against all those will likely waste a lot of time. For -T5, maybe a "40%,60" threshold would be good. Right now, in the nmap-exp branch, -T4 gives "90%,90" and -T5 gives "80%,80". This means, even with -T5, an all-ports scan ("-p-") would require 52,428 open ports before bailing. With "40%,60", we could quit sooner--after 26,214 open ports found. And for a default (ports) scan, we could move on after 400 open instead of waiting for 800. Cheers, Fyodor _______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [Branch] --ignore-after Jay Bosamiya (Jul 30)
- Re: [Branch] --ignore-after Jacek Wielemborek (Jul 30)
- Re: [Branch] --ignore-after Jay Bosamiya (Jul 30)
- Re: [Branch] --ignore-after Fyodor (Aug 13)
- Re: [Branch] --ignore-after Fyodor (Aug 16)
- Re: [Branch] --ignore-after Jay Bosamiya (Aug 18)
- Re: [Branch] --ignore-after Daniel Miller (Sep 17)
- Re: [Branch] --ignore-after Jay Bosamiya (Sep 18)
- Re: [Branch] --ignore-after Daniel Miller (Sep 18)
- Re: [Branch] --ignore-after Fyodor (Aug 16)
- Re: [Branch] --ignore-after Jacek Wielemborek (Jul 30)