Penetration Testing mailing list archives
Re: faster scans? (nmap)
From: Yann Berthier <Yann.Berthier () hsc fr>
Date: Mon, 3 Jun 2002 22:27:20 +0200
On Mon, 03 Jun 2002, Steve Maks wrote: [context lost thanks to top-posting :p]
> Take a look at the rtt options in nmap (min/max/initial_rtt_timeout), it's pretty much required to modify them when you are scanning hosts with -P0. Depending on your connection and the target's connection, you can greatly improve the scan speed.

Yes, but one has to keep in mind it depends a lot on the network lossage: we have seen very unreliable results with nmap - on unreliable networks that is, but when doing a pentest, we can't refuse customers because they have bad connectivity, can we ? :)

So back to the subject: scanning large networks is a real problem as a pentester. It can take several nmap runs to adjust the rtt according to the lossage, and to have the most accurate snapshot of the tested network. And then we need to:

  . scan again with fixed source ports
  . scan once more while playing with the ttl

All of this is very time consuming, and there is no handy solution I know of. I think we need new paradigms here (yes, no less), but I'm sure some of you have already thought about this ...

<sci-fi on>
Imagine now an ipv6 world where /48 networks at least are the norm ...
</sci-fi on>

   - yann.

--
Yann.Berthier () hsc fr -*- HSC -*- http://www.hsc.fr/

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
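As an added illustration of the tuning discussed above (this is not code from either post, nor from the nmap project): the script below takes a probe sample with losses, derives min/initial/max RTT timeouts and a retry count from it, and builds the three scan passes the reply describes (baseline, fixed source port, tuned TTL) as nmap command lines. The RTT samples are constructed, the scaling factors and loss thresholds are my own heuristics rather than nmap's timing model, the source port 53 and TTL 64 are arbitrary choices, and the option spellings are the current hyphenated ones (--initial-rtt-timeout, -Pn) rather than the 2002-era --initial_rtt_timeout and -P0.

```python
"""Derive nmap RTT timeouts from a probe sample, then build the scan passes.

Added example, not from the mailing-list thread. The scaling factors and
loss thresholds are assumptions, not nmap's own timing model.
"""
import math
from statistics import median

# Constructed sample: RTT in milliseconds of 20 probes to one target,
# None marks a lost probe. Models a lossy WAN link with latency spikes.
SAMPLES_MS = [112, 118, 240, None, 121, 119, 610, 117, 125, None,
              122, None, 118, 124, 119, 126, 121, 117, 123, 120]


def percentile(values, p):
    """Nearest-rank percentile (p in 0..1) of a non-empty list."""
    ordered = sorted(values)
    rank = max(1, math.ceil(p * len(ordered)))
    return ordered[rank - 1]


def rtt_stats(samples):
    """Summarise probe results: sent, lost, loss fraction, median and p95 RTT."""
    received = [s for s in samples if s is not None]
    if not received:
        raise ValueError("no probe answered; cannot derive timeouts")
    lost = len(samples) - len(received)
    return {
        "sent": len(samples),
        "lost": lost,
        "loss": lost / len(samples),
        "median_ms": median(received),
        "p95_ms": percentile(received, 0.95),
    }


def suggest_timeouts(samples, floor_ms=100, ceiling_ms=10_000):
    """Turn measured RTTs into nmap timing values (assumed heuristic)."""
    s = rtt_stats(samples)
    # Typical RTT sets the minimum, twice the typical RTT the initial
    # timeout, 1.5x the p95 the maximum; clamped so min <= initial <= max.
    min_ms = max(floor_ms, math.ceil(s["median_ms"]))
    initial_ms = max(min_ms, math.ceil(2 * s["median_ms"]))
    max_ms = min(ceiling_ms, max(initial_ms, math.ceil(1.5 * s["p95_ms"])))
    # Lossy links get more retransmissions so a single dropped probe is
    # not reported as a filtered port.
    if s["loss"] < 0.02:
        retries = 2
    elif s["loss"] < 0.10:
        retries = 4
    else:
        retries = 6
    return {"min_ms": min_ms, "initial_ms": initial_ms,
            "max_ms": max_ms, "retries": retries, "loss": s["loss"]}


def nmap_argv(target, t, ports="1-1024", source_port=None, ttl=None):
    """Build an nmap command line (as an argv list) from the timing values."""
    argv = ["nmap", "-sS", "-Pn", "-n", "-p", ports,
            "--min-rtt-timeout", f"{t['min_ms']}ms",
            "--initial-rtt-timeout", f"{t['initial_ms']}ms",
            "--max-rtt-timeout", f"{t['max_ms']}ms",
            "--max-retries", str(t["retries"])]
    if source_port is not None:
        argv += ["-g", str(source_port)]   # fixed source port pass
    if ttl is not None:
        argv += ["--ttl", str(ttl)]        # TTL pass
    argv.append(target)
    return argv


def scan_passes(target, samples=SAMPLES_MS, source_port=53, ttl=64):
    """The three passes from the reply: baseline, fixed source port, tuned TTL."""
    t = suggest_timeouts(samples)
    return [
        nmap_argv(target, t),
        nmap_argv(target, t, source_port=source_port),
        nmap_argv(target, t, ttl=ttl),
    ]


if __name__ == "__main__":
    import shlex
    for argv in scan_passes("192.0.2.0/24"):
        print(shlex.join(argv))
```

Re-run the probe sample and the derivation after the first nmap pass if the results look inconsistent; the point of the reply is that on a lossy link the first guess at the timeouts is rarely the last one.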
Current thread:
- Re: faster scans? (nmap), (continued)
- Re: faster scans? (nmap) wirepair (Jun 03)
- Re: faster scans? (nmap) Andreas Junestam (Jun 04)
- Re: faster scans? (nmap) Gregory Duchemin (Jun 04)
- Re: faster scans? (nmap) wirepair (Jun 03)
- Re: faster scans? (nmap) Michael Starr (Jun 03)
- How to portscan a Class B effectively RT (Jun 03)
- Re: How to portscan a Class B effectively batz (Jun 03)
- Re: faster scans? (nmap) Yann Berthier (Jun 03)
- How to portscan a Class B effectively RT (Jun 03)
- Re: faster scans? (nmap) Anders Thulin (Jun 04)
- Re: faster scans? (nmap) miguel . dilaj (Jun 03)
- RE: faster scans? (nmap) Steve Maks (Jun 03)
- Re: faster scans? (nmap) Yann Berthier (Jun 03)
- RE: faster scans? (nmap) JLETOUX (Jun 04)
- Re: faster scans? (nmap) Gregory Duchemin (Jun 04)