Home page logo

nmap-dev logo Nmap Development mailing list archives

Re: NMAP performance patch (ICMP Unreachable rate limited)
From: Andreas Ericsson <ae () op5 se>
Date: Mon, 13 Jun 2005 23:05:50 +0200

Alec H. Peterson wrote:
--On June 13, 2005 22:49:32 +0200 Andreas Ericsson <ae () op5 se> wrote:

That's one of Martin Méoks' (I'm nearly 100% sure I spelled the last
name wrong) creations. I believe it was just submitted at a bad time
when the Fyodor was revamping a lot of other functionality. It's quite
possible it was just forgotten, but I seem to remember at least one user
having problems with it not properly detecting some hosts when it's a
router that does the limiting (as opposed to the final destination of
the packet).

Interesting.  I only have one data point right now, but that point includes 
a cisco router performing the rate limiting (the target is behind the 
router) and it detected everything just fine...

I probably remembered wrong then. It was quite some time ago after all.

I would be really interested in other thoughts, because the performance hit 
of 3.81 versus 2.54BETA31 is really big for this scan (running with -T4).

Nice to see it brought to Fyodors attention then. He probably forgot 
about the patch. I believe there is a revised version which adds the 
switch --defeat-icmp-rate_limit (or some such) and thus makes the fast 
behaviour optional while keeping the default behaviour "clean". Perhaps 
the original patch-author knows more.

Btw, you know about the -P0 option, right? I usuaully use that when I 
know the host I'm scanning is up. It increases performance immensely.

Andreas Ericsson                   andreas.ericsson () op5 se
OP5 AB                             www.op5.se
Lead Developer

Sent through the nmap-dev mailing list

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]