Re: Host timeouts on large SYN scans

[David Fifield <david () bamsoftware com>]

On Mon, Sep 24, 2012 at 02:31:54PM +0200, pierre.lalet () cea fr wrote:
> Hello,
>
> > > When does this happen? Is it 15m after the start of the entire scan, or
> > > 15m after the start of the hostgroup? Or something else?
> > This happens 15m after the start of the hostgroup.
>
> Exactly, or whatever the --host-timeout value is.
>
> > > Can you show us the rest of the command line you are using?
> > I let Pierre answer this, but this we could also observe without any
> > timing/performance related parameter.
>
> Sure, we use :
> -vv -n -oX log.xml -iL - -PS -PA -PU -PE -PP -PO -sS -A --host-timeout 15m
>
> We've also tried --host-timeout 60m with the same results.

Pierre kindly bisected this problem, and encoutnered some difficulties,
but the evidence indicates that this is a new problem, and that the
revision that introduced it is somewhere between r28648 and r29507.

The only substantive change to scan_engine.cc in that range is r29051.
Grepping for "timeout" finds r29215, which affects timeouts for NSE
worker threads, however Pierre said that the problem is not with
inaccurate timeout calculations, but with SYN scans becoming slow.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/