Nmap Development mailing list archives

Re: v3.70 syn sneaky is a self-tarpit

From: Fyodor <fyodor () insecure org>
Date: Mon, 27 Sep 2004 22:00:23 -0700

On Sun, Sep 05, 2004 at 09:25:34PM -0700, Curtis Doty wrote:

Something's amiss with 'sneaky' timing. More often than not, it will 
hang indefinitely on one port; constantly SYNing but not moving on.



Thanks for the report.  This is a problem with the new "port ping"
system.  For firealled hosts, it sends a "ping" packet to the host
every five seconds or so.  But sneaky mode (-T1) causes a scan delay
of 15 seconds between probes.  So every time the 15 seconds elapsed,
another ping was due!  I have put in a fix for the next version so
that it always mixes at least 9 normal probes between pings, even for
very slow scans such as -T1.

Cheers,
Fyodor

---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to 
nmap-dev-help () insecure org . List archive: http://seclists.org

Current thread:

v3.70 syn sneaky is a self-tarpit Curtis Doty (Sep 05)
- Re: v3.70 syn sneaky is a self-tarpit Martin Mačok (Sep 23)
- Re: v3.70 syn sneaky is a self-tarpit Fyodor (Sep 27)