Nmap Development mailing list archives

Re: Nmap & Stateful Firewalls


From: David Fifield <david () bamsoftware com>
Date: Fri, 16 Jan 2009 15:35:42 -0700

On Fri, Jan 16, 2009 at 03:20:49PM -0500, Ron Dembo wrote:
> Short story:  I was wondering if there's a way to hard limit the connections
> that a Nmap scan makes so that it won't completely fill a stateful
> firewall.  I've read the Nmap man page and documentation and none of the
> performance options I see given there will guarantee that Nmap will only
> open up a max of X number of connections at any given time.  I've tried
> timeouts, delays between packets, etc to no avail.  Does anyone have any
> suggestions?

--max-parallelism should be what you want. That puts an absolute cap on
the number of connections that will be open at a time. It defaults to
300, though scans don't necessarily get up that high. --max-rate might
help too; that puts a limit on how fast connections are made, without
regard to how many are open at once.

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

