Re: Review: Angry IP Scanner

[Brandon Enright <bmenrigh () ucsd edu>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Fri, 6 Jun 2008 02:27:45 +0530
"Kris Katterjohn" <katterjohn () gmail com> wrote:

...snip...

> One thing I do like about it is the ability to narrow down the random
> IP generation to a given base IP and netmask.  This may not be easy to
> implement in Nmap (since a user may or may not want a reserved IP, and
> the random IP generation code would have to be changed to allow for
> this), and probably not worth it.  For example, if you wanted random
> IPs in the range of 192.*.*.*, should 192.168 be chosen or not?  It's
> still pretty cool, though.

This *is* nice and I've thought about implementing it for Nmap but
every time I give it serious thought I decide that outputting all the
IPs to a list with -sL and then a random section from that list is a
better way to do it.

Do you know if Angry IP Scanner generates collisions (birthday paradox)?

Say you wanted to scan 64 random IPs out of a /24... You'd expect 7.28
duplicates.  Not that bad...

Now suppose you wanted to scan a random section of 10,000 IPs out of
a /16, you'd get 725.5 duplicates.  That's a lot of repeat work.

I'm not aware of any generic algorithm, method, or technique that could
generate numbers in some arbitrary set of ranges without duplicates
that is both fast and memory efficient.  Creative use of a Bloom Filter
(http://en.wikipedia.org/wiki/Bloom_filter) would work but that starts
to get pretty damn time-consuming to do right...

Nmap's current -iR doesn't have to worry about duplicates (much)
because picking from .75 * 2^32 is a lot of sample space.

Brandon

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)

iEYEARECAAYFAkhIm4YACgkQqaGPzAsl94KFeACeJgxoSB18R2aTobULNKW+UeF0
SKQAoMPBEla8KhtvfsA9llGp9FHhiU/d
=5kKW
-----END PGP SIGNATURE-----

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org