Nmap Development mailing list archives
Re: Increasing UDP Scanning with virtual hosts
From: Fyodor <fyodor () insecure org>
Date: Mon, 1 Feb 2010 19:57:56 -0800
On Sat, Jan 30, 2010 at 04:02:53PM -0500, sham0day sham0day wrote:
> In order to get around this, it seems possible to speed the UDP scan by changing the source host. So if multiple sources were scanning a target, it can avoid this ICMP port unreachable rate limit because each individual source would get rate-limited (1 per second on Linux), but not all sources combined. This would work unless the rate limit was bandwidth-based.
Another approach is to just scan many targets in parallel. That is the approach Nmap focuses on. It doesn't help if you're only scanning one machine, but such a scan will take less than a day even if you're scanning all 65,535 ports at only 1 port per second. Sometimes the rate limits cover a larger network, in which case you might want to randomize your targets if possible so that your probes aren't all going to the same network. Also, with a little bit of manual work you can set up IP aliases and tell Nmap to use those. Then you'd run multiple Nmap instances at once, each with a different port range and -S option. Admittedly that is more of a pain, especially if you want to aggregate all the data together.

Cheers,
-F
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
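The message above names aggregating the data from several Nmap instances as the painful part. The following is an added example, not part of the original message or of Nmap itself: a Python merge of the XML (`-oX`) output from runs that covered different port ranges. The sample XML is constructed and trimmed to the elements used, and the precedence rule for conflicting states is an assumption.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample -oX output from two runs that covered different UDP port
# ranges of one target (documentation addresses); trimmed to the elements used.
RUN_A = """<nmaprun scanner="nmap"><host>
<address addr="192.0.2.10" addrtype="ipv4"/><ports>
<port protocol="udp" portid="53"><state state="open"/></port>
<port protocol="udp" portid="123"><state state="open|filtered"/></port>
</ports></host></nmaprun>"""
RUN_B = """<nmaprun scanner="nmap"><host>
<address addr="192.0.2.10" addrtype="ipv4"/><ports>
<port protocol="udp" portid="123"><state state="open"/></port>
<port protocol="udp" portid="161"><state state="closed"/></port>
<port protocol="udp" portid="1900"><state state="open|filtered"/></port>
</ports></host></nmaprun>"""

# Assumed precedence when two runs disagree on a port: a state backed by a
# reply (open, closed) outranks one inferred from silence or filtering.
RANK = {"open": 3, "closed": 2, "filtered": 1, "open|filtered": 0}

def merge_runs(xml_docs):
    """Return {host: {(proto, port): state}} merged across all runs."""
    merged = defaultdict(dict)
    for doc in xml_docs:
        for host in ET.fromstring(doc).iter("host"):
            addr_el = host.find("address[@addrtype='ipv4']")
            if addr_el is None:
                continue  # skip hosts reported without an IPv4 address
            ports = merged[addr_el.get("addr")]
            for port in host.iter("port"):
                state_el = port.find("state")
                if state_el is None:
                    continue
                key = (port.get("protocol"), int(port.get("portid")))
                state = state_el.get("state")
                if key not in ports or RANK.get(state, -1) > RANK.get(ports[key], -1):
                    ports[key] = state
    return {h: dict(sorted(p.items())) for h, p in merged.items()}

def ports_in_state(merged, host, state):
    """List the port numbers of one host that ended up in the given state."""
    return [port for (_, port), s in merged.get(host, {}).items() if s == state]

if __name__ == "__main__":
    for host, ports in merge_runs([RUN_A, RUN_B]).items():
        for (proto, port), state in ports.items():
            print(f"{host}\t{port}/{proto}\t{state}")
```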