Re: NMAP performance patch (ICMP Unreachable rate limited)

[Andreas Ericsson <ae () op5 se>]

Alec H. Peterson wrote:
> --On June 13, 2005 22:49:32 +0200 Andreas Ericsson <ae () op5 se> wrote:
>
>
> > That's one of Martin Méoks' (I'm nearly 100% sure I spelled the last
> > name wrong) creations. I believe it was just submitted at a bad time
> > when the Fyodor was revamping a lot of other functionality. It's quite
> > possible it was just forgotten, but I seem to remember at least one user
> > having problems with it not properly detecting some hosts when it's a
> > router that does the limiting (as opposed to the final destination of
> > the packet).
>
>
> Interesting.  I only have one data point right now, but that point includes 
> a cisco router performing the rate limiting (the target is behind the 
> router) and it detected everything just fine...

I probably remembered wrong then. It was quite some time ago after all.

> I would be really interested in other thoughts, because the performance hit 
> of 3.81 versus 2.54BETA31 is really big for this scan (running with -T4).

Nice to see it brought to Fyodors attention then. He probably forgot 
about the patch. I believe there is a revised version which adds the 
switch --defeat-icmp-rate_limit (or some such) and thus makes the fast 
behaviour optional while keeping the default behaviour "clean". Perhaps 
the original patch-author knows more.

Btw, you know about the -P0 option, right? I usuaully use that when I 
know the host I'm scanning is up. It increases performance immensely.

-- 
Andreas Ericsson                   andreas.ericsson () op5 se
OP5 AB                             www.op5.se
Lead Developer


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev