mailing list archives
Re: [NSE] nmap timing info for scripts
From: Fyodor <fyodor () insecure org>
Date: Fri, 13 Jun 2008 17:32:58 -0700
On Fri, Jun 06, 2008 at 09:53:22PM +0100, jah wrote:
On 15/04/2008 01:02, Thomas Buchanan wrote:
I've just been looking at a host that would allow connections to tcp:80,
but nothing more. Neither showHTMLtitle.nse nor robots.nse set a
timeout for their HTTP GET requests and rely on the default of 30s.
I was thinking of submitting patches using "timing_level()", but it's
not yet in play.
So my questions:
What's the current status of Thomas' patch?
It has just changed from falling-through-the-cracks to applied :).
Would anyone disagree with the idea of setting a timeout for those two
scripts and to use timing_level() (if the patch were to be applied)?
(I was thinking of something like
"math.modf(25000/timing_level())" (for T1-5 ) giving 30s, 25s, 12s, 8s,
6s and 5s for T0-T5)
Would it be a good or bad idea to have a default timeout for
http.request() using timing_level()?
Sounds good, except I don't think we need a mathetical model for the
6 timeout values. How about:
GET request read timeouts:
Anyone want to implement this sort of thing now that we have
Sent through the nmap-dev mailing list
Archived at http://SecLists.Org