Re: Testing requested of nmap-perf branch

[David Fifield <david () bamsoftware com>]

On Thu, Dec 25, 2008 at 02:40:45AM -0700, David Fifield wrote:
> The nmap-perf branch contains a new algorithm for detecting and
> responding to remote rate limiting that I'd like some folks to test. Get
> it with
>
>       svn co --username guest --password "" svn://svn.insecure.org/nmap-exp/david/nmap-perf
>
> You'll recall that Nmap's rate limit detection turns on a scan delay
> that starts at 5 ms (50 ms for UDP) and doubles until it reaches
> 1000 ms. That imposed a severe penalty whenever scan delay kicked in
> when it shouldn't have.
>
> I'm interested in reports of speed and especially accuracy. The new code
> should not be any slower than the old in any case, and may be much
> faster in some cases. Of course any reduction in accuracy will point to
> a flaw in the algorithm that I need to fix. In fact I just found one,
> which I'll deal with later: running a 1000-port UDP scan against Mac OS X
> sometimes goes too fast and misses drops, leading to too many
> open|filtered ports.

I found that this sometimes happens with Nmap trunk too. That is, it's
partly a matter of luck whether scan delay kicks in and keeps the scan
from being inaccurate. Anyway, that particular problem should be fixed
as of nmap-perf r11529, so please give it a try. I'd like to merge these
changes this week to focus on other performance issues.

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org