Home page logo

nmap-dev logo Nmap Development mailing list archives

Re: nse crypto
From: Toni Ruottu <toni.ruottu () iki fi>
Date: Sun, 20 Mar 2011 21:00:32 +0200

I have no idea of a good value. Let's change it if someone reports
problems. I think echo.nmap.org is the nping server with highest load
so we'll probably get informed if it starts failing.

On Sun, Mar 20, 2011 at 8:51 PM, Luis MartinGarcia.
<luis.mgarc () gmail com> wrote:
On 03/15/2011 01:01 AM, David Fifield wrote:
On Tue, Mar 15, 2011 at 01:31:21AM +0200, Toni Ruottu wrote:

What amount should we target. A high value might be good for protecting
against brute force password cracking, but does it also hinder performance
in regular use?
I'm not suggesting that we change the nsock_loop timeout. My guess is
that the way it works now is unintentional (because the comment doesn't
match the code), but the fact that it only allows one password guess per
second could be regarded as a feature. It does mean that when connecting
normally, you could be delayed up to a second.


The comment is obviously wrong so I've changed it to reflect what the
code actually does. However, the code is doing what it's supposed to,
which is, doing asynchronous accept()s at the server side. When I
implemented the Echo server I found out that Nsock does not provide
asynchronous "server-side functions", so I had to introduce a small hack
in order to avoid accept() system calls that block the caller (we need
this since Nping is mono-threaded and non-forkeable by design).

However, Toni, you are right that the code limits incoming connections
to a rate of 1 connection per second. I think this is very reasonable,
but I'm open for discussion if there is interest on decreasing the
timeout value and there are reasons beyond weak password auditing.


Luis MartinGarcia.

Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]