Nmap Development mailing list archives

Re: [NSE] snmp-brute port to brute framework


From: Patrik Karlsson <patrik () cqure net>
Date: Tue, 12 Jul 2011 08:19:28 +0200


On Jul 12, 2011, at 12:30 AM, Gorjan Petrovski wrote:

Thanks for the suggestions. Currently I'm testing the throughput with
unconnected sockets. I'm using a virtual machine so any limitations
would be due to slow processing of requests on the server's part. I'm
gonna add the default passwords after I resolve the issues with
communication and losses of passwords. Currently my criteria are that
under no circumstances should we DoS the server, and as a result of
that miss testing some passwords. My thoughts are going toward using
unconnected sockets but somehow limiting the number of probes sent per
second. The host.times.timeout will definitely be of use, but I'll
have to add a heuristic multiplier to that, so now I have to find what
value that multiplier will be.

Patrik, did you test the responsiveness of the server using multiple
probes with the correct password, or was there some mysterious net-fu
of yours at play? I'm asking because AFAIK the only way to find if a
password is wrong is a timeout on a socket (no returned response), so
we can't reliably test the snmp-brute script itself, but we can test
the server's throughput.


Yes, as far as I can tell the only way of determining whether a probe was correct or not is to wait for a) an answer or b) a timeout.
I didn't get very far in testing concurrent probes and server responsiveness.
I only did some limited testing and realized that it would be possible to run a number of parallel probes that I could wait on simultaneously.
Like I mentioned in my post, I moved on to SIP instead as my goal was really to implement a UDP based brute script.
If you need help testing, feel free to send me your current script. I have some virtual machines running SNMP I can test against.

//Patrik
--
Patrik Karlsson
http://www.cqure.net
http://www.twitter.com/nevdull77

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
