Re: scan-delay enforces serialization - why?

[Martin Mačok <martin.macok () underground cz>]

On Mon, Jan 21, 2008 at 11:37:24AM -0800, Fyodor wrote:

> A different desire is to tell Nmap to send fixed rate packets to
> _speed things up_.

Yes, that was the case, sort of. My colleague needed to set minimal
scan delay (to evade IDS/IPS) while allowing parallel probing of ports
(latency was higher than the minimal delay he needed to enforce). By
using --scan-delay he was forced into one outstanding probe at a time
which made searching for "hidden" ports very slow.

> In that case, Nmap would basically ignore all of its timing controls
> and send at the given fixed rate.

No need for to drop it all, just allowing parallelism when
--scan-delay is used would be enough for us.

> This simple method is how port scanners such as ScanRand and
> UnicornScan work, and I'd like Nmap to have such an option too.

OK, I have nothing against having this "hardcore" option too ;-)

Maybe there should be options like --initial-scan-delay,
--min-scan-delay and --fixed-scan-delay to avoid confusion? Also
"probe" may be a better buzzword instead of "scan" in this option
because it is supposed to be a delay between the "probes" and not
between the "scans".

Thanks,
Martin

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org