Penetration Testing mailing list archives
Re: Problem with NMap Scans
From: "Nikhil Wagholikar" <visitnikhil () gmail com>
Date: Tue, 5 Feb 2008 10:29:16 +0300
Hello Whitehat,

In UDP scanning, an open port is detected by no response, and a closed port is detected by an ICMP PORT UNREACHABLE (Code 3, Type 3) response. Linux kernels limit ICMP error message rates, with Port Unreachable set to 80 per 4 seconds, thereafter implementing a 1/4 second penalty if the count is exceeded. This makes the scan slow!!

Besides this, what Richard narrated is also applicable many times: it depends on factors such as how the ISP handles ICMP traffic, firewalls blocking or discarding ICMP traffic, etc.

Now, there are many workarounds for such situations. One method is running parallel UDP scans from more than one machine. Another is to switch from NMAP to some other UDP port scanner like 'Fast Port Scanner'. More information: http://pcwin.com/Internet/Fast_Port_Scanner/index.htm

Besides Fast Port Scanner, there are a couple of other port scanners, like scanrand, ipeye etc. You can give these port scanners a try too and find out the difference by yourself.

---
Nikhil Wagholikar
Information Security Analyst
NII Consulting
Web: http://www.niiconsulting.com/

On Jan 31, 2008 10:44 AM, Richard Golodner <rgolodner () infratection com> wrote:
As UDP is a connectionless protocol, it can take a very long time to complete. There are also other factors involved, such as how our ISP handles ICMP traffic, firewalls and just plain old slow computers scanning even slower ones. I have had to wait a long time to scan some of my friends' networks, and it has taken many, many hours. Best of luck to you.

most sincerely, Richard

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of whitehat
Sent: Monday, January 28, 2008 12:23 PM
To: pen-test
Subject: Problem with NMap Scans

Hi List,

I'm using NMap for port scanning and I never faced any problems. But in recent times, when I scanned some systems, it was showing nearly 8.00 hrs for SYN Scan and 19.00 hrs for UDP Scan to complete. I tried with the '-T4' option, which is aggressive in nature, but it is of no use.

Can anybody help what is going on there????? Because we cannot wait up to 8.00 or 19.00 hrs if the Green Zone timings are on.

Thanks in advance!!!!!!!!!!!!!!

Cheers.......... :-)

------------------------------------------------------------------------
This list is sponsored by: Cenzic
Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today!
http://www.cenzic.com/downloads
------------------------------------------------------------------------
Current thread:
- RE: Problem with NMap Scans Richard Golodner (Feb 04)
- Re: Problem with NMap Scans Nikhil Wagholikar (Feb 05)
- <Possible follow-ups>
- Re: Problem with NMap Scans Liran Cohen (Feb 05)