Nmap Development mailing list archives

Re: [NSE] NTP info gathering script...


From: David Fifield <david () bamsoftware com>
Date: Mon, 21 Dec 2009 13:28:43 -0700

On Mon, Dec 14, 2009 at 06:55:31PM +0100, Richard Sammet wrote:
> Hi David,
>
> On Sun, Dec 13, 2009 at 12:46 AM, David Fifield <david () bamsoftware com> wrote:
> > ...
> > * As a consequence of the above, short timeouts are no longer required,
> >  so I removed the timeout code to just use the defaults.
> > ...
>
> Well, it looks like this was a bad idea ;) I performed some extensive
> tests with the version you checked in to the trunk and I noted that
> the script now "blocks" the whole scan if no data is returned by the
> NTP server while waiting for the default timeout value, which is -
> obviously - too long.
>
> The benchmarks:
>
> command and options: ./nmap -sU -p 123 --script=ntp-info
> XXX.XXX.72.0/24 XXX.XXX.12.0/24 --open -n -T5 --max-hostgroup 128
> --max-retries 1 -vvv -PN
>
> Script with default timeouts (version from trunk):
>
> Nmap done: 512 IP addresses (512 hosts up) scanned in 1640.67 seconds
>            Raw packets sent: 1021 (77.596KB) | Rcvd: 22 (1608B)
>
> Script with modified timeouts:
>
> Nmap done: 512 IP addresses (512 hosts up) scanned in 65.72 seconds
>            Raw packets sent: 1020 (77.520KB) | Rcvd: 18 (1232B)

You're right. I hadn't considered that the script will run for
open|filtered ports. The 30-second default timeout is too long to do
many of those. I think the proposed timeouts of 5500, 3500, 3000, 1500,
and 750 ms, differing based on timing template, are overall too short.
I've set a static timeout of 5000 ms, as is used in some other UDP
scripts, and changed the script not to wait for a response to the second
probe if the first one didn't work.

If this is still too slow, a way to do this scan faster is to increase
--max-parallelism, which will increase the number of simultaneous
sockets used by NSE. It is 20 by default.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
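
An added example, not part of the original message or of the ntp-info script: a Python model of the probe logic described above (one static timeout, and no wait on a second probe once the first goes unanswered), plus a rough worst-case estimate. The loopback server, payloads and function names are constructed for illustration, and the estimate assumes each host's script holds one of the 20 parallel sockets for its full run.

```python
import socket
import threading

TIMEOUT_S = 5.0  # the static 5000 ms timeout from the message above

def run_probes(addr, probes, timeout=TIMEOUT_S):
    """Send probes in order over UDP; stop at the first one that gets no reply."""
    replies, sent = [], 0
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect(addr)
        for payload in probes:
            s.send(payload)
            sent += 1
            try:
                replies.append(s.recv(1500))
            except (socket.timeout, ConnectionError):
                break  # silent or closed port: skip the remaining probes
    return replies, sent

def worst_case_seconds(hosts, parallelism, timeout, probes_waited):
    """Rough upper bound on script time when no host answers (assumed model)."""
    batches = -(-hosts // parallelism)  # ceiling division
    return batches * timeout * probes_waited

def local_udp(reply):
    """Constructed loopback stand-in: echoes when reply is True, else stays silent."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(("127.0.0.1", 0))
    def loop():
        while True:
            try:
                data, peer = srv.recvfrom(1500)
            except OSError:
                return
            if reply:
                srv.sendto(data, peer)
    threading.Thread(target=loop, daemon=True).start()
    return srv

if __name__ == "__main__":
    probes = [b"probe-1", b"probe-2"]  # constructed payloads, not real NTP packets
    for reply in (True, False):
        srv = local_udp(reply)
        print(reply, run_probes(srv.getsockname(), probes, timeout=0.5))
    print(worst_case_seconds(512, 20, 30, 2), worst_case_seconds(512, 20, 5, 1))
```

With the figures in this thread the estimate gives 1560 seconds for two 30-second waits per host and 130 seconds for a single 5-second wait, against the 1640.67 seconds measured with the trunk version.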
