Nmap Development mailing list archives
Re: what trickery can nmap take 20 hours to scan 1 host!!
From: "DePriest, Jason R." <jrdepriest () gmail com>
Date: Sat, 21 Apr 2007 12:14:49 -0500
On 4/21/07, Jan Engelhardt wrote:
> On Apr 20 2007 12:48, DePriest, Jason R. wrote:
> > I have run nmap against a host who was trying to do something funny to one of my machines
> >
> > nmap -sS -P0 -O x.x.x.x -p-
> >
> > Starting Nmap 4.20 ( http://insecure.org ) at 2007-04-19 15:08 BST
> > Stats: 0:00:39 elapsed; 0 hosts completed (1 up), 1 undergoing SYN Stealth Scan
> > SYN Stealth Scan Timing: About 0.29% done
> > Stats: 4:21:06 elapsed; 0 hosts completed (1 up), 1 undergoing SYN Stealth Scan
> > SYN Stealth Scan Timing: About 11.75% done; ETC: 07:45 (14:39:55 remaining)
> > caught SIGINT signal, cleaning up
> >
> > I have run tarpits, but here I am running a SYN scan so it shouldn't catch it.
> >
> > If I scan a host that doesn't exist on my local subnet like
> >
> > nmap -sS -P0 -O 192.168.x.x -p-
> >
> > Starting Nmap 4.20 ( http://insecure.org ) at 2007-04-19 18:22 BST
> > Nmap finished: 1 IP address (0 hosts up) scanned in 0.317 seconds
> >
> > So it doesn't have any problem when the host doesn't respond, and if I have a tarpit, the ACK from the SYN scan is all it cares about and immediately moves on (I can scan 65535 ports on a tarpitted host in SYN mode instantly).
> >
> > So in a SYN scan, tarpit tricks don't work to make the originator keep retrying, so what is up with this remote host? What can make nmap hang so badly that it would take nearly 20 hours to scan all the ports? This must be some counter scan technology or something.
>
> http://jengelh.hopto.org/p/chaostables/ for example... 1024 ports in about 2 minutes -- but only when using `nmap -T5` (decreased result reliability). Scales linearly with more ports, e.g. 64K ports = 128 minutes. And expect nmap to take a LOT longer in the default -T3.
>
> Jan
> --
I can accurately scan all 65535 TCP ports on a typical non-firewalled Windows host one or two hops away in under 10 minutes. UDP ports are hit or miss...

-Jason

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
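A toy timing model, added here and not nmap's own code, of why the behaviours described in this thread differ so much: a host that answers every SYN at once (RST or a tarpit's SYN/ACK) lets a SYN scan move on immediately, while a host that drops SYNs, or answers only after the scanner's timeout has expired, makes it sit through retransmissions. The timeout, retry and parallelism constants are assumptions chosen to resemble nmap's default timing knobs, and the responder behaviours are constructed.

```python
"""Toy model of SYN-scan wall-clock time versus target behaviour (added example, not nmap code)."""
from typing import Callable, Dict, Optional

# Assumed scanner knobs, loosely modelled on nmap's -T3 defaults
# (1 s initial RTT timeout, 10 s maximum RTT timeout, 10 retries).
INITIAL_TIMEOUT = 1.0
MAX_TIMEOUT = 10.0
MAX_RETRIES = 10
PARALLELISM = 100  # probes in flight at once; constructed value

# A responder maps a port number to the delay (seconds) before the host's
# SYN/ACK or RST arrives, or None when the SYN is silently dropped.
Responder = Callable[[int], Optional[float]]

def probe_port(port: int, responder: Responder) -> float:
    """Seconds spent on one port: a prompt reply ends it, a drop costs every retry's timeout."""
    timeout = INITIAL_TIMEOUT
    spent = 0.0
    for _attempt in range(MAX_RETRIES + 1):
        delay = responder(port)
        if delay is not None and delay <= timeout:
            return spent + delay        # reply seen: the SYN scan moves on immediately
        spent += timeout                # no reply inside the window: wait it out, retransmit
        timeout = min(timeout * 2, MAX_TIMEOUT)
    return spent                        # give up; port would be reported as filtered

def scan_seconds(responder: Responder, ports: int = 65535) -> float:
    """Total wall-clock time for a full-range scan with PARALLELISM probes in flight."""
    total = sum(probe_port(p, responder) for p in range(1, ports + 1))
    return total / PARALLELISM

# Constructed target behaviours from the thread: closed ports answer RST at once,
# a tarpit answers SYN/ACK at once (so a SYN scan is not slowed), a silent host
# drops every SYN, and a "slow" host replies only after the first timeouts expire.
RESPONDERS: Dict[str, Responder] = {
    "rst_closed":  lambda port: 0.02,
    "tarpit":      lambda port: 0.02,
    "silent_drop": lambda port: None,
    "slow_reply":  lambda port: 3.0,
}

def compare() -> Dict[str, float]:
    """Scan time in seconds for each constructed responder."""
    return {name: scan_seconds(r) for name, r in RESPONDERS.items()}

if __name__ == "__main__":
    for name, secs in compare().items():
        print(f"{name:12s} {secs / 3600:8.2f} h")
```

In this model the silent host costs 85 s per port (1+2+4+8 then seven 10 s windows) and the whole range runs into the tens of thousands of seconds, while the tarpit finishes in seconds, matching the observation that SYN scans shrug off tarpits.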