Re: nse crypto

[Toni Ruottu <toni.ruottu () iki fi>]

I have no idea of a good value. Let's change it if someone reports
problems. I think echo.nmap.org is the nping server with highest load
so we'll probably get informed if it starts failing.

On Sun, Mar 20, 2011 at 8:51 PM, Luis MartinGarcia.
<luis.mgarc () gmail com> wrote:
> On 03/15/2011 01:01 AM, David Fifield wrote:
> > On Tue, Mar 15, 2011 at 01:31:21AM +0200, Toni Ruottu wrote:
> > > What amount should we target. A high value might be good for protecting
> > > against brute force password cracking, but does it also hinder performance
> > > in regular use?
> > I'm not suggesting that we change the nsock_loop timeout. My guess is
> > that the way it works now is unintentional (because the comment doesn't
> > match the code), but the fact that it only allows one password guess per
> > second could be regarded as a feature. It does mean that when connecting
> > normally, you could be delayed up to a second.
>
> Hi,
>
> The comment is obviously wrong so I've changed it to reflect what the
> code actually does. However, the code is doing what it's supposed to,
> which is, doing asynchronous accept()s at the server side. When I
> implemented the Echo server I found out that Nsock does not provide
> asynchronous "server-side functions", so I had to introduce a small hack
> in order to avoid accept() system calls that block the caller (we need
> this since Nping is mono-threaded and non-forkeable by design).
>
> However, Toni, you are right that the code limits incoming connections
> to a rate of 1 connection per second. I think this is very reasonable,
> but I'm open for discussion if there is interest on decreasing the
> timeout value and there are reasons beyond weak password auditing.
>
> Regards,
>
> Luis MartinGarcia.
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/