mailing list archives
Re: Suspect that --host-timeout is not working in 4.50?
From: Fyodor <fyodor () insecure org>
Date: Thu, 20 Dec 2007 22:41:35 -0800
On Thu, Dec 20, 2007 at 10:27:29PM -0800, doug () hcsw org wrote:
On Thu, Dec 20, 2007 at 07:05:19PM -0800 or thereabouts, Fyodor wrote:
Yes, NSE (and all other parts of Nmap) need to enforce --host-timeout.
The scripts themselves don't need to worry about it--Nmap itself
should abandon probing a host when the timeout hits. This doesn't
seem to be working for NSE, and that is an important bug which needs
to be fixed.
The attached patch seems to fix it for me.
Are you sure that this works like --host-timeout is supposed to? Note
that --host-timeout is supposed to expire the whole host after the
given amount of running time for that host has passed. So if 9
minutes have passed in port scanning, the host only has 1 minute left.
While another host (which finished port scanning more quickly) may
still have 5 minutes left.
Oh, and the patch removes the minimum time check for the
--host-timeout option (but still gives a warning if it is
below 15 seconds). It is helpful for testing and I think
That is fine for testing, but it is important for the official
version. Otherwise (even when there was an error message saying the
option shouldn't be used so low) I got a bunch of mail complaining
that 5 second timeouts (and the like) didn't work they way they
expected them to. Also, people specify things like 600, thinking it
is in seconds and they are getting 10 minutes, but really they get
6/10 of a second. They might not see a warning message before it
scrolls off the screen, but the fatal error message is crystal clear.
Sent through the nmap-dev mailing list
Archived at http://SecLists.Org