Re: PortBunny - FX and Fabs at 24C3

["Tyler Reguly" <ht () computerdefense org>]

I'll definitely be doing some analysis of the numbers... I'll fire along a
url when I post it... it'll most likely be done as a separate post.. I
wanted to keep the raw data separate from my analysis so that the numbers
couldn't be questioned. I will also update the table with the suggestions
you have made (although most likely not until tomorrow).

Tyler.

On 1/14/08, Fyodor <fyodor () insecure org> wrote:
> On Sun, Jan 13, 2008 at 11:42:21PM -0500, Tyler Reguly wrote:
> > Interesting to see this thread here... I actually spent this evening
> doing a
> > comparison between Unicornscan, PortBunny and nmap.
> >
> > The results can be found here: http://www.computerdefense.org/?p=440
>
> Thanks for sharing!  It is nice to see some independent results.  I
> was glad to see that Nmap was the only scanner to get all the ports
> right with its default options, while both PortBunny and UnicornScan
> missed ports.  Nmap missed ports when you specified "-T5 --max-retries
> 0", but there you are asking for it.  There is a reason that -T5 is
> documented as "Insane mode" :).  A good way to look at your results
> (IMHO) is in the total time taken across all five machines compared to
> the total ports missed.  I only worried about the "all ports" scans,
> because I'm not even sure that the other scanners scan the same ports
> by default as Nmap does.  From your table I get:
>
> Scanner                  | Total Time | Missed ports
> ----------------------------------------------------
> UnicornScan              | 88.96s     | 6
> PortBunny                | 2667.08s   | 2
> Nmap                     | 1617.01    | 0
> Nmap -T5 --max-retries 0 | 62.27      | 2
>
> Very interesting!  So with default options, Nmap was the most accurate
> out of all of them and still was much faster than PortBunny.  And with
> "-T5 --max-retries 0", Nmap was the fastest of them all, and still
> tied PortBunny in accuracy while taking barely 1 minute compared to 44
> minutes for PortBunny.
>
> I'll try not to let this get to my head :).
>
> I hope you add some textual analysis to your data, as many people find
> it hard to read pure stats.  Also I have some suggestions for
> improving your table at
> http://www.computerdefense.org/wp-content/uploads/2008/01/comparison.jpg
> if you find time:
>
> o you could add a "total" time column at the end
> o you could add a "total missed ports" column after that
> o you could put times in red for cases where ports were missed (I'd
>   put the total missed ports in read too if nonzero).
>
> Anyway, thanks for posting your independent data.  Isn't it strange
> how it came out a lot differently than all the examples in the
> PortBunny presentation?
>
> Cheers,
> Fyodor

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org