Statistical Data for use in Scans
From: Andrew Johnston <ahjohnston25 () gmail com>
Date: Wed, 25 May 2011 19:25:45 -0400
I had a thought which I believe might be of interest to some of the expert
programmers responsible for Nmap's astounding progress.

If multiple hosts are scanned, why not use the data to guess at what the
next server runs?

For example, if an Nmap user decides to scan a subnet, Nmap will start
scanning one of the hosts in the scope for open ports (for simplicity, I'm
ignoring the ping scan portion). Let's say the first machine runs HTTP and
HTTPS on the standard ports. On the second machine, it is the same case;
perhaps one other port is open (an outlier in this case).

What if Nmap could use this data and organize the probes based on
the likelihood of a response? It would still scan the other ports, but
prioritize the scan so that if the machine were to become unresponsive for
some reason, the scanner would have the most data possible, perhaps
even avoiding the need to rescan the hosts at a slower rate.

Not sure if this has been asked before, but I thought I'd throw it out
Andrew Johnston is a Mensa Member
Visit American Mensa at http://www.us.mensa.org
Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/
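
The reordering proposed in this message, sketched as an added example (not part of the original post and not Nmap code). The class and function names, the port list, the sample hosts and the Laplace smoothing are all assumptions made for illustration.

```python
from collections import Counter

# Constructed sample data: a static probe order and the open ports
# found on three hosts of the same subnet that were scanned in full.
BASE_PORTS = [21, 22, 23, 25, 80, 110, 443, 8080]
SCANNED = [{80, 443}, {80, 443, 8080}, {80, 443}]


class AdaptivePortOrder:
    """Reorders a fixed port list by how often each port was open so far."""

    def __init__(self, ports):
        self.base = list(ports)        # order used before any data exists
        self.open_counts = Counter()
        self.hosts_seen = 0

    def observe(self, open_ports):
        """Record one host. Only feed hosts that were scanned completely,
        otherwise unprobed ports would be counted as closed."""
        self.hosts_seen += 1
        self.open_counts.update(set(open_ports) & set(self.base))

    def likelihood(self, port):
        # Laplace smoothing (an assumption): ports never seen open keep a
        # small non-zero score instead of dropping to exactly zero.
        return (self.open_counts[port] + 1) / (self.hosts_seen + 2)

    def order(self):
        """All ports are still probed; only the sequence changes.
        Ties fall back to the original static order."""
        rank = {p: i for i, p in enumerate(self.base)}
        return sorted(self.base, key=lambda p: (-self.likelihood(p), rank[p]))


def found_before_cutoff(order, truly_open, budget):
    """Open ports discovered if the host stops answering after `budget` probes."""
    return [p for p in order[:budget] if p in truly_open]


if __name__ == "__main__":
    stats = AdaptivePortOrder(BASE_PORTS)
    for host in SCANNED:
        stats.observe(host)
    next_host_open = {80, 443}         # constructed: host that dies after 3 probes
    print("static  :", found_before_cutoff(BASE_PORTS, next_host_open, 3))
    print("adaptive:", found_before_cutoff(stats.order(), next_host_open, 3))
```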