Re: nmap snmp scanning

[Duarte Silva <duarte.silva () serializing me>]

On Tuesday 20 December 2011 15:11:20 you wrote:
> On Tue, Dec 20, 2011 at 3:03 PM, Duarte Silva
>
> <duarte.silva () serializing me>wrote:
> > Hi Patrik,
> >
> > didn't know that. Over the weekend I will setup different SNMP
> > "providers" to
> > test the original script against and observe what should be the expected
> > behaviour, because I have been testing against the JVM SNMP monitoring
> > facility and the old script wasn't working very well (as I come to think
> > about
> > it, maybe it was because I was running the script against my own
> > machine,
> > localhost).
> >
> > Thanks for the feedback,
> > Duarte
> >
> > On Monday 19 December 2011 23:24:14 Patrik Karlsson wrote:
> > > On Sun, Dec 18, 2011 at 7:19 PM, Duarte Silva
> > >
> > > <duarte.silva () serializing me>wrote:
> > > > Hello,
> > > >
> > > > this is a very intial rewrite of the snmp-brute.nse script. As
> > > > such, it needs loads of testing. Some stuff is still missing
> > > > but I wanted some feedback.
> > > >
> > > > Regards,
> > > > Duarte Silva
> > >
> > > Hi Duarte,
> > >
> > > I've looked over the new script and have a concern with the design
> >
> > change,
> >
> > > as one of the goals of the new snmp-brute script was to increase
> > > speed. This was achieved by having one thread sending requests out
> > > and
> > > another thread listening with a pcap socket. As we're dealing with
> > > UDP
> >
> > and
> >
> > > a service that doesn't respond, unless we have the right community,
> > > this design successfully made the script a lot faster than the
> > > initial> 
> > version.
> >
> > > So I think we should try to address the issues we're seeing while
> > > keeping the current design.
> > >
> > > Cheers,
> > > Patrik
>
> Hi again,
>
> You make a valid point. I was also experiencing some trouble with the
> current version when running against one of my virtual machines
> (Virtualbox), even though the interface was in bridged mode. The problem is
> that, for some reason, in Mac Os X libpcap fails to see packets on the host
> interface. Not sure whether this is a big enough problem to care about?

Good morning,

I don't think so, since it isn't a normal execution to be scanning localhost.

> I'm guessing that an alternative approach could be to set a very short
> timeout on the socket (like 1ms) and do a recv on it each time a request is
> sent, then make sure to do a number of receives for a certain amount of
> time after the last request was sent. That could work and possibly allow us
> to maintain the increased speed we have with the current design. But like I
> said, I'm not sure it's worth it.
>
> Cheers,
> Patrik

Regards,
Duarte Silva

Attachment: smime.p7s
Description:

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/