Re: Increasing UDP Scanning with virtual hosts

[Fyodor <fyodor () insecure org>]

On Sat, Jan 30, 2010 at 04:02:53PM -0500, sham0day sham0day wrote:
> In order to get around this, it seems possible to speed the UDP scan by
> changing the source host. So if multiple sources were scanning a target, it
> can avoid this ICMP port unreachable rate limit because each individual
> source would get rate-limited (1 per second on linux), but not all sources
> combined. This would work unless the rate limit was bandwidth-based.

Another approach is to just scan many targets in parallel.  That is
the approach Nmap focuses on.  It doesn't help if you're only scanning
one machine, but such a scan will take less than a day even if you're
scanning all 65,535 ports at only 1 port per second.  Sometimes the
rate limits cover a larger network, in which case you might want to
randomize your targets if possible so that your probes aren't all
going to the same network.

Also, with a little bit of manual work you can set up IP aliases and
tell Nmap to use those.  Then you'd run multiple Nmap instances at
once, each with a different port range and -S option.  Admittedly that
is more of a pain, especially if you want to aggregate all the data
together.

Cheers,
-F
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/