Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: nmap snmp scanning
From: Duarte Silva <duarte.silva () serializing me>
Date: Wed, 21 Dec 2011 10:53:39 +0000

On Tuesday 20 December 2011 15:11:20 you wrote:
On Tue, Dec 20, 2011 at 3:03 PM, Duarte Silva

<duarte.silva () serializing me>wrote:
Hi Patrik,

didn't know that. Over the weekend I will setup different SNMP
"providers" to
test the original script against and observe what should be the expected
behaviour, because I have been testing against the JVM SNMP monitoring
facility and the old script wasn't working very well (as I come to think
about
it, maybe it was because I was running the script against my own
machine,
localhost).

Thanks for the feedback,
Duarte

On Monday 19 December 2011 23:24:14 Patrik Karlsson wrote:
On Sun, Dec 18, 2011 at 7:19 PM, Duarte Silva

<duarte.silva () serializing me>wrote:
Hello,

this is a very intial rewrite of the snmp-brute.nse script. As
such, it needs loads of testing. Some stuff is still missing
but I wanted some feedback.

Regards,
Duarte Silva

Hi Duarte,

I've looked over the new script and have a concern with the design

change,

as one of the goals of the new snmp-brute script was to increase
speed. This was achieved by having one thread sending requests out
and
another thread listening with a pcap socket. As we're dealing with
UDP

and

a service that doesn't respond, unless we have the right community,
this design successfully made the script a lot faster than the
initial> 
version.

So I think we should try to address the issues we're seeing while
keeping the current design.

Cheers,
Patrik

Hi again,

You make a valid point. I was also experiencing some trouble with the
current version when running against one of my virtual machines
(Virtualbox), even though the interface was in bridged mode. The problem is
that, for some reason, in Mac Os X libpcap fails to see packets on the host
interface. Not sure whether this is a big enough problem to care about?

Good morning,

I don't think so, since it isn't a normal execution to be scanning localhost.

I'm guessing that an alternative approach could be to set a very short
timeout on the socket (like 1ms) and do a recv on it each time a request is
sent, then make sure to do a number of receives for a certain amount of
time after the last request was sent. That could work and possibly allow us
to maintain the increased speed we have with the current design. But like I
said, I'm not sure it's worth it.

Cheers,
Patrik

Regards,
Duarte Silva

Attachment: smime.p7s
Description:

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault