Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: [NSE] nmap timing info for scripts
From: Fyodor <fyodor () insecure org>
Date: Fri, 13 Jun 2008 17:32:58 -0700

On Fri, Jun 06, 2008 at 09:53:22PM +0100, jah wrote:
On 15/04/2008 01:02, Thomas Buchanan wrote:

I've just been looking at a host that would allow connections to tcp:80,
but nothing more.  Neither showHTMLtitle.nse nor robots.nse set a
timeout for their HTTP GET requests and rely on the default of 30s.
I was thinking of submitting patches using "timing_level()", but it's
not yet in play.
So my questions:
What's the current status of Thomas' patch?

It has just changed from falling-through-the-cracks to applied :).

Would anyone disagree with the idea of setting a timeout for those two
scripts and to use timing_level() (if the patch were to be applied)? 
        (I was thinking of something like
"math.modf(25000/timing_level())" (for T1-5 ) giving 30s, 25s, 12s, 8s,
6s and 5s for T0-T5)
Would it be a good or bad idea to have a default timeout for
http.request() using timing_level()?

Sounds good, except I don't think we need a mathetical model for the
6 timeout values.  How about:

Connection timeouts:
T0-T3: 10s
T4-T5: 5s

GET request read timeouts:
T0-T3: 15s
T4: 10s
T5: 7s

Anyone want to implement this sort of thing now that we have
timing_level()?

Cheers,
-F

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault