mailing list archives
Re: NMAP performance patch (ICMP Unreachable rate limited)
From: Andreas Ericsson <ae () op5 se>
Date: Mon, 13 Jun 2005 23:05:50 +0200
Alec H. Peterson wrote:
--On June 13, 2005 22:49:32 +0200 Andreas Ericsson <ae () op5 se> wrote:
That's one of Martin MÃ©oks' (I'm nearly 100% sure I spelled the last
name wrong) creations. I believe it was just submitted at a bad time
when the Fyodor was revamping a lot of other functionality. It's quite
possible it was just forgotten, but I seem to remember at least one user
having problems with it not properly detecting some hosts when it's a
router that does the limiting (as opposed to the final destination of
Interesting. I only have one data point right now, but that point includes
a cisco router performing the rate limiting (the target is behind the
router) and it detected everything just fine...
I probably remembered wrong then. It was quite some time ago after all.
I would be really interested in other thoughts, because the performance hit
of 3.81 versus 2.54BETA31 is really big for this scan (running with -T4).
Nice to see it brought to Fyodors attention then. He probably forgot
about the patch. I believe there is a revised version which adds the
switch --defeat-icmp-rate_limit (or some such) and thus makes the fast
behaviour optional while keeping the default behaviour "clean". Perhaps
the original patch-author knows more.
Btw, you know about the -P0 option, right? I usuaully use that when I
know the host I'm scanning is up. It increases performance immensely.
Andreas Ericsson andreas.ericsson () op5 se
OP5 AB www.op5.se
Sent through the nmap-dev mailing list