Nmap Development mailing list archives

Rate limit branch for anyone interested


From: David Fifield <david () bamsoftware com>
Date: Mon, 9 Feb 2009 10:30:39 -0700

Hello,

When I was working in the nmap-perf branch, one of the things I was not
able to find a solution for was rate limit detection:

http://seclists.org/nmap-dev/2009/q1/0049.html

One of the simple changes that looked promising but wasn't merged was
controlling the sending rate based on a maximum send rate, not a fixed
delay between probes. Brandon at least said he would like to test out
this idea. So I made a branch with just that change:

        svn co --username guest --password "" svn://svn.insecure.org/nmap-exp/david/nmap-rate-limit

Instead of waiting, say, 5 ms between probes, the code will enforce a
maximum rate of 200 probes per second. The first time the rate is
decreased it will become half of the current sending rate. After that it
is halved when necessary. The only exception to this is UDP scans, in
which the first rate drop goes directly to 20 probes per second. The
benefit of this approach is more granularity in limiting the rate. If
you hit a rate limit at 5000 packets per second you will drop down to
2500, not 250 which is what you would get with a 5 ms delay.

I don't have any immediate plans for better rate limit detection so I'm
not going to be working in the branch. Any committers may feel free to
make changes there. This is just an experiment to see how rate limit
detection may be improved. If you have any good ideas or testing
results, send them in.

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
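
The backoff rule described in the message above, written out as an added example; it is not part of the original post and not code from the nmap-rate-limit branch. The struct and method names are hypothetical, and the 5000 probes per second starting rate is a constructed sample.

```cpp
#include <cstdio>

// Added illustration, not Nmap source. All names here are hypothetical.
struct RateLimit {
    double max_rate = 0.0;  // probes per second; 0 means no cap has been set yet

    // Called when the scanner decides it has hit a rate limit.
    // current_rate is the measured sending rate at that moment (probes/s).
    // Returns the new maximum rate.
    double drop(double current_rate, bool udp_scan) {
        if (max_rate == 0.0)
            // First drop: half the current sending rate, except UDP scans,
            // which go directly to 20 probes per second.
            max_rate = udp_scan ? 20.0 : current_rate / 2.0;
        else
            // Every later drop halves the existing cap.
            max_rate /= 2.0;
        return max_rate;
    }

    // Minimum spacing between probes implied by the cap, in microseconds.
    // A cap of 200 probes/s corresponds to 5000 us (5 ms) between probes.
    double min_interval_us() const {
        return max_rate == 0.0 ? 0.0 : 1e6 / max_rate;
    }

    // Earliest time (us) the next probe may go out, given the last send time.
    double next_send_us(double last_send_us, double now_us) const {
        double earliest = last_send_us + min_interval_us();
        return earliest > now_us ? earliest : now_us;
    }
};

int main() {
    RateLimit tcp, udp;
    double measured = 5000.0;  // constructed sample rate, probes/s
    for (int i = 1; i <= 3; i++) {
        double r = tcp.drop(measured, false);
        std::printf("TCP drop %d: %.0f probes/s (%.0f us apart)\n",
                    i, r, tcp.min_interval_us());
    }
    for (int i = 1; i <= 3; i++)
        std::printf("UDP drop %d: %.0f probes/s\n", i, udp.drop(measured, true));
    return 0;
}
```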