Re: [NSE] DB2 library and scripts

[Patrick Donnelly <batrick () batbytes com>]

Hi Fyodor,

On Wed, May 12, 2010 at 2:01 PM, Fyodor <fyodor () insecure org> wrote:
> On Wed, May 12, 2010 at 05:33:30PM +0200, Patrik Karlsson wrote:
> > I think this is a great idea. Perhaps this could be considered,
> > when/if implementing a more generic brute force framework as proposed
> > by Martin Swende [1] ?
>
> I agree that a brute force library/framework or is the way to go,
> especially as the scripts get more complex due to parallelisms and
> algorithm optimizations.
>
> That being said, it sometimes is easiest to start with one script and
> experiment/benchmark to figure out what works best.  Then that can be
> ported to a new generalized library.  In other cases (or for other
> people), starting with the generalized library is easier.

It seems to me this is something best handled in the NSock Lua
binding. That is, if a server is "misbehaving" by slowing down replies
or dropping connections then we should lower the parallelism against
the server? This is probably too low level though.

That said, I'm curious why the parallel implementation performed so
poorly. Patrik, do you know how the server was reacting? Was it
dropping connections? Slowing down replies? How does your db2.lua
library handle dropped connection attempts? Does it retry?

-- 
- Patrick Donnelly
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/