Re: Host timeouts on large SYN scans

[Henri Doreau <henri.doreau () gmail com>]

Hello,

I work with Pierre and we've been troubleshooting (in vain, so far)
this issue together. Some answers inline below.

2012/9/21 David Fifield <david () bamsoftware com>:
> When does this happen? Is it 15m after the start of the entire scan, or
> 15m after the start of the hostgroup? Or something else?
This happens 15m after the start of the hostgroup.

> Sometimes SYN scans can go slowly enough that they reach a host timeout.
> You can try the option --defeat-rst-ratelimit as RST rate limiting is
> the msot likely thing to severely slow down a SYN scan. It's strange
> that it happens to the whole group at once, though. It might be a bug
> with stopping and restarting the timeout timers.
We didn't try --defeat-rst-ratelimit, but also we know that there's no
device rate-limiting. Targets are supplied in a random order, first
hostgroups always succeed, next ones always fail. If you stop and
restart immediately you get the same behavior again. Because of this
we kind of excluded a network-related issue.

> Can you show us the rest of the command line you are using?
I let Pierre answer this, but this we could also observe without any
timing/performance related parameter.

> Does this same thing happen if you write 4096 IP addresses in random
> order to a file, and then read -iL from that file?
This is one of the next things we wanted to try, not done yet.

Running a single nmap instance per target (XX being launched in
parallel, with XX the hostgroup size we use now) works fine.

Regards

-- 
Henri
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/