Home page logo

nmap-dev logo Nmap Development mailing list archives

Re: [NSE] external category anticipated load
From: John Bond <john.r.bond () gmail com>
Date: Fri, 20 Apr 2012 00:30:07 +0200

Hi David,

On 19 April 2012 21:45, David Fifield <david () bamsoftware com> wrote:
On Wed, Apr 18, 2012 at 11:50:57AM +0200, John Bond wrote:
Hello Nmap hackers,

I am have written a script which makes use of an external service.
The script would be a replacement/compliment to asn-query, targets-asn
and whois.  however there is  worry that the increased load would take
down the service.  in an effort to try and gauge this i wanted to ask
if there is anyone here who would be able to give a good estimate of
the number of requests one should expect to see from a script placed
in the safe, external and discovery category.

So what's the problem exactly? This some new third-party service that
aggregates the information already available from different sources? And
this new service can't handle as much traffic as those other sources,
but might be more convenient because it gives all the answers at once?
The third party has all the data of these plugins plus a few more;
however the service provider is unsure how much traffic it can take.
they want to support the plugin but want to test their infrastructure
first to ensure it is capable of handeling the load.  I suspect/hope
if it is not they would increase performance so it could.; however
they would not want to release a tool which caused there site to go
down and there for had an effect on their reputation

Another concern raised by the service provider was that they would
have a record of everyone nmap user that used there service (i.e. web
logs).  Is this a genuine worry, has it come up before for other
external services?

That's why the external category exists. Any of the externals services
we use could potentially be logging everything. It's a bit worse if this
new service is set up exclusively for Nmap use; then it's likely that
any query the service receives was also the target of a port scan.
that is what i assumed.  the service is not set up exclusively for
nmap so thats not a problem.  I assumed that was what the external
category was for however most external scripts are also in other
categories e.g. safe, discovery.  My personal optinoin is people
should not be running script categories unless they know, or have a
good idea of the type of scripts they are running.  But i wanted to
get the opinion of others

Finally the service provider would want to include, in the output, a
line stating that the results were provided by them.  Would this be

Speaking for myself, I would find that annoying.
I agree, and think this could end up being a crippling punch, although
it could be negociable

Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]