Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: [nmap-svn] r13720 - nmap-exp/ithilgore/ncrack
From: ithilgore <ithilgore.ryu.l () gmail com>
Date: Sun, 14 Jun 2009 02:44:19 +0300

Fyodor wrote:
On Fri, Jun 12, 2009 at 04:27:10PM -0700, commit-mailer () insecure org wrote:
Log:
Initial ideal parallelism is calculated based on min_connection_limit and max_connection_limit and a desired 
parallelism value based on the timing template.

Modified: nmap-exp/ithilgore/ncrack/ncrack.cc
==============================================================================
--- nmap-exp/ithilgore/ncrack/ncrack.cc      (original)
+++ nmap-exp/ithilgore/ncrack/ncrack.cc      Fri Jun 12 16:27:10 2009
@@ -590,10 +590,25 @@
   /* 
    * If that was our first connection and successfully made it up to the point of
    * completing an authentication, then calculate initial ideal_parallelism (which
-   * was 1 previously) based on the min_connection_limit and max_connection_limit.
+   * was 1 previously) based on the box of min_connection_limit, max_connection_limit
+   * and a default desired parallelism for each timing template.
    */
   if (serv->just_started == true) {
-    serv->ideal_parallelism = (serv->min_connection_limit + serv->max_connection_limit) / 2;
+    long desired_par = 1;
+    if (o.timing_level == 0)
+      desired_par = 1;
+    else if (o.timing_level == 1)
+      desired_par = 3;
+    else if (o.timing_level == 2)
+      desired_par = 4;
+    else if (o.timing_level == 3)
+      desired_par = 10;
+    else if (o.timing_level == 4)
+      desired_par = 15;
+    else if (o.timing_level == 5)
+      desired_par = 20;
+
+    serv->ideal_parallelism = box(serv->min_connection_limit, serv->max_connection_limit, desired_par);

Hi Ithilgore.  Just some thoughts which came into my head while
reading your patch:

One idea is to stick with a max parallelism of 1 per
service for timing levels 1 and 2.  After all, even -T2 is "polite"
mode in Nmap parlance.  And pounding a service with multiple brute
force authentication connections at once is arguably not polite.  A
higher global number may be reasonable though.

Point taken. iirc Nmap also does something similar. I am going to
change that.


Also, I would consider a bigger difference between T3 and T5.  If T3
is 10, T5 can maybe be 50.  It is "insane mode" after all :).  Also,
it is again imnportant to differentiate between the allowed
parallelism for a single service and for all services being cracked
concurrently.

Yes, ideal_parallelism belongs to each service. There is another
global variable (that is stored in ServiceGroup) that holds the
total number of parallelism for all services.


Also, I realize that these are desired parallelism values above rather
than maximum limits.

Indeed. The maximum and minimum limits are calculated at the time
the timing template is applied and happens in services.cc like this:

void
prepare_timing_template(timing_options *timing)
{
  //TODO: select optimal values
  if (!timing)
    fatal("%s invalid pointer!\n", __func__);

  if (o.timing_level == 0) { /* Paranoid */
    timing->min_connection_limit = 1;
    timing->max_connection_limit = 1;
    timing->auth_tries = 3;
    timing->connection_delay = 10000; /* 10 secs */
    timing->connection_retries = 1;
    if (o.connection_limit == -1)
      o.connection_limit = 50;
  } else if (o.timing_level == 1) { /* Sneaky */
    timing->min_connection_limit = 2;
    timing->max_connection_limit = 4;
    timing->auth_tries = 3;
    timing->connection_delay = 7500;
    timing->connection_retries = 1;
    if (o.connection_limit == -1)
      o.connection_limit = 150;
  } else if (o.timing_level == 2) { /* Polite */
    timing->min_connection_limit = 3;
    timing->max_connection_limit = 5;
    timing->auth_tries = 5;
    timing->connection_delay = 5000;
    timing->connection_retries = 1;
    if (o.connection_limit == -1)
      o.connection_limit = 500;
  } else if (o.timing_level == 4) { /* Aggressive */
    timing->min_connection_limit = 10;
    timing->max_connection_limit = 40;
    timing->auth_tries = 10;
    timing->connection_delay = 0;
    timing->connection_retries = 15;
    if (o.connection_limit == -1)
      o.connection_limit = 3000;
  } else if (o.timing_level == 5) { /* Insane */
    timing->min_connection_limit = 15;
    timing->max_connection_limit = 1000;
    timing->auth_tries = 10;
    timing->connection_delay = 0;
    timing->connection_retries = 20;
    if (o.connection_limit == -1)
      o.connection_limit = 10000;
  } else { /* Normal */
    timing->min_connection_limit = 7;
    timing->max_connection_limit = 30;
    timing->auth_tries = 6;
    timing->connection_delay = 0;
    timing->connection_retries = 10;
    if (o.connection_limit == -1)
      o.connection_limit = 1500;
  }
}

o.connection_limit is the global variable you were referring to
previously and the other are defaults for each template that will be
applied to each service separately (but that can be overridden by
the user with the relevant option specification). Also as you can
see, these are not final values and things are surely going to
change as more testing is being done and more modules are being
written.


Cheers,
-F


Regards,
ithilgore

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault