Re: [NSE] Target time out checks

[Ron <ron () skullsecurity net>]

Patrick Donnelly wrote:
> Currently NSE starts the time out clock for all the hosts in a
> runlevel group before beginning the scan. If there is an extremely
> large group, some hosts may not be handled before a script thread is
> mistakenly timed out (even when it has no connections open). Also, a
> script may not actually be accessing that host at the time (whois.nse
> will query the whois databse, not the target!!). For this reason, I do
> not believe that the Target.timedOut method is appropriate for the
> Script Engine. However, the target.startTimeOutClock and
> target.stopTimeOutClock methods are still useful for tracking the
> length of time the host was scanned (even if indirectly).
>
> I have attached a patch that removes the checks to see if the target
> host has timed out. If there are no complaints/problems/concerns I
> will apply this in a couple days.
>
> Cheers,

I may be understanding this wrong, so correct me if I am, but I think 
that the script timeout has a good side and a bad side.

On the plus side, it saves us from locking up for good when a script 
holding a mutex crashes. Other scripts waiting for that mutex will 
eventually time out.

On the downside, if 5000 scripts are running at once, some may time out 
accidentally, which isn't good.

That's my quick take on it.
Ron

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org