Nmap Development mailing list archives
Re: Exp Branch for OpenSSL on Windows
From: Kris Katterjohn <katterjohn () gmail com>
Date: Tue, 20 May 2008 01:25:34 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Brandon Enright wrote:
On Mon, 19 May 2008 20:15:45 -0500 or thereabouts Kris Katterjohn <katterjohn () gmail com> wrote: ...snip...I rebuilt nmap with openssl, but it didn't have any appreciable effect and I note that in the minute that it took to successfully complete version detection, one of my dual cores was at full-pelt for around 45 seconds. I'll look into this more deeply, but I wonder if anyone else noticed similar?I haven't noticed anything like this happening, but I'll try against some more hosts. Have you been able to look into it any more?For whatever it's worth, I've been scanning millions of hosts the last few days with -sV on SSL ports like 443, 993, 995, etc. My scans are not being limited by my bandwidth but my CPU. SSL is a very CPU intensive task, especially at the initial RSA parts. I don't think there is a bug here, I think people just don't realize how expensive quality public-key crypto is.
Yeah, I've since been able to get my CPU >=90% for 30+ seconds with some hosts. Most of the hosts I test against may cause a spike for a second or two, but I now agree that it seems to be normal for some hosts to throttle the CPU due to SSL. I didn't know it was quite like that :)
Brandon
Thanks a lot, Kris Katterjohn -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQIVAwUBSDJu2/9K37xXYl36AQKeTw//dyEig+mq/0mc67S4ItDz7kWnVL8QlvRZ FBFdP8rqF4WlrMjbqHsfjUATcBFgbJGk4WskSGpMoF7oYCZRWt/bYNq8CuMLmRXp 7zTAaBdCWDJtZLXN0OKFK0KFst5krnD8vOHF9wi/2QssgYyi9m4yqqy9b9KXOiMd c3Cikx1tEc1Z1jlSJRZ8TM8MAC/aTlWcLbbvIbwjpMV7p9vc6CceJWLGPaVMs5bA KM2sqIr+sNFULzbhsJpo5obBlf1GNClhnD71PDbpOvnPy7EbPW1fl+bzLWlDLthq Cis1sgYHO2fszztYdWKvgmZNth9gfGD/cBpxzkdLmjbcQPw9ZeKStbqXZGfIp806 qMMgNwTwjmZq2nWNrfHcWY9V6sxuyW17meS1KumIicw5qGNkwFhKvwXpH+E4FCb4 dp3PWHaXs+fNsoHF+AukaCMHmIx7RY5lCFuJLX2OppfF3ZdaqV7loc3ZEUSUlxRh V/i9eP5RjIQOpvsKPjeWRDbVjpyAqXwh9NEgDuCib1Qrib41C4n0g3AucpwIFR2r vEaZZisSPZSXrJf6qHvreAyFr7b6pPC4IPPtqNPQaUoN5YMjOderNNDRTcXizP+y sfcWo4KjDkyCHUhFC6ugut36OOSwBoB3gbUyvGcX34bRL5HC/K3N6Y3oycwzZKM7 b/Ln4jhVVo0= =YtOS -----END PGP SIGNATURE----- _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Re: Exp Branch for OpenSSL on Windows, (continued)
- Re: Exp Branch for OpenSSL on Windows Kris Katterjohn (May 15)
- RE: Exp Branch for OpenSSL on Windows Thomas Buchanan (May 15)
- Re: Exp Branch for OpenSSL on Windows Kris Katterjohn (May 15)
- Re: Exp Branch for OpenSSL on Windows jah (May 15)
- RE: Exp Branch for OpenSSL on Windows Thomas Buchanan (May 15)
- Re: Exp Branch for OpenSSL on Windows DePriest, Jason R. (May 19)
- Re: Exp Branch for OpenSSL on Windows Fyodor (May 19)
- RE: Exp Branch for OpenSSL on Windows Thomas Buchanan (May 15)
- Re: Exp Branch for OpenSSL on Windows Kris Katterjohn (May 15)
- Re: Exp Branch for OpenSSL on Windows jah (May 15)
- Re: Exp Branch for OpenSSL on Windows Kris Katterjohn (May 19)
- Re: Exp Branch for OpenSSL on Windows Brandon Enright (May 19)
- Re: Exp Branch for OpenSSL on Windows Kris Katterjohn (May 19)
- Re: Exp Branch for OpenSSL on Windows Kris Katterjohn (May 20)
- Re: Exp Branch for OpenSSL on Windows Patrick Donnelly (May 21)
- Re: Exp Branch for OpenSSL on Windows Kris Katterjohn (May 21)