Nmap Development mailing list archives

Re: Review: Angry IP Scanner
From: Brandon Enright <bmenrigh () ucsd edu>
Date: Fri, 6 Jun 2008 02:05:52 +0000

On Fri, 6 Jun 2008 02:27:45 +0530
"Kris Katterjohn" <katterjohn () gmail com> wrote:


> One thing I do like about it is the ability to narrow down the random
> IP generation to a given base IP and netmask.  This may not be easy to
> implement in Nmap (since a user may or may not want a reserved IP, and
> the random IP generation code would have to be changed to allow for
> this), and probably not worth it.  For example, if you wanted random
> IPs in the range of 192.*.*.*, should 192.168 be chosen or not?  It's
> still pretty cool, though.

This *is* nice and I've thought about implementing it for Nmap but
every time I give it serious thought I decide that outputting all the
IPs to a list with -sL and then a random section from that list is a
better way to do it.

Do you know if Angry IP Scanner generates collisions (birthday paradox)?

Say you wanted to scan 64 random IPs out of a /24... You'd expect 7.28
duplicates.  Not that bad...

Now suppose you wanted to scan a random section of 10,000 IPs out of
a /16, you'd get 725.5 duplicates.  That's a lot of repeat work.

I'm not aware of any generic algorithm, method, or technique that could
generate numbers in some arbitrary set of ranges without duplicates
that is both fast and memory efficient.  Creative use of a Bloom Filter
(http://en.wikipedia.org/wiki/Bloom_filter) would work but that starts
to get pretty damn time-consuming to do right...

Nmap's current -iR doesn't have to worry about duplicates (much)
because picking from .75 * 2^32 is a lot of sample space.


Sent through the nmap-dev mailing list
Archived at http://SecLists.Org
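
The duplicate counts quoted in the message and the list-then-sample approach it mentions, as an added example that is not part of the original post or of Nmap. The function names, the `exclude` parameter and the 192.168.0.0/15 sample range are assumptions made for illustration; the expanded address list stands in for what `-sL` would print.

```python
import ipaddress
import random

def expected_duplicates(k, n):
    """Expected repeated picks when k addresses are drawn uniformly,
    with replacement, from a pool of n (the birthday-paradox case)."""
    return k - n * (1 - (1 - 1 / n) ** k)

def simulated_duplicates(k, n, trials, rng):
    """Average repeats actually seen over `trials` independent runs."""
    total = 0
    for _ in range(trials):
        total += k - len({rng.randrange(n) for _ in range(k)})
    return total / trials

def sample_targets(cidr, count, rng, exclude=()):
    """Expand cidr to a full list, drop excluded networks, then pick
    `count` addresses without replacement, so no address repeats."""
    skip = [ipaddress.ip_network(e) for e in exclude]
    pool = [ip for ip in ipaddress.ip_network(cidr)
            if not any(ip in net for net in skip)]
    return rng.sample(pool, count)

if __name__ == "__main__":
    rng = random.Random(2008)  # fixed seed so the run is repeatable
    for k, n in ((64, 2 ** 8), (10_000, 2 ** 16)):
        print(f"{k} of {n}: expected {expected_duplicates(k, n):.2f}, "
              f"simulated {simulated_duplicates(k, n, 200, rng):.2f}")
    # Constructed sample range: 192.168.0.0/15 spans 192.168/16 and 192.169/16.
    picks = sample_targets("192.168.0.0/15", 64, rng,
                           exclude=("192.168.0.0/16",))
    print(len(picks), "targets,", len(set(picks)), "unique, first:", picks[0])
```

Expanding the list costs memory proportional to the size of the range, so this suits a /16 far better than a /8.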
