Nmap Development mailing list archives

[Branch] --ignore-after


From: Jay Bosamiya <jaybosamiya () gmail com>
Date: Wed, 30 Jul 2014 17:42:37 +0530

Hi All!

I've been working on the --ignore-after option for a while now.
The option basically ignores any hosts that have too many ports open (as
specified by the user).

The branch is at [1]. Previous discussion occurred at [2], [3].

A simplified explanation of the option (in pseudo code) is:

ign_ratio = (user_given_percent / 100) or 1.00
ign_number = MAX( user_given_number, ign_ratio * total_requested_ports )
open_ports = 0
while port_state = scanner_gets_response() do
    if port_state == open then
        open_ports += 1
        if open_ports >= ign_number then
            ignore_host()
            break
done


There are some things that need to be thought about, however.

1. What should the defaults for -T4 and -T5 be?
Currently, I have set them as 80%,800 and 60%,60 respectively. Maybe
some testing in real (non-lab) scenarios will tell us better about this.

2. Should we change timed out hosts to HOST_IGNORED?
If we decide to do this, it will be as a follow-up (after the branch is
merged).

3. Should Zenmap show ignored hosts differently?
Currently, Zenmap does not show ignored hosts at all (in the left side
list). However, we need to decide whether we should show them, and if we
do, should we show them differently (with probably a different icon or
with italics etc.).

Feedback is welcome, as always :)

Cheers,
Jay

Links:
[1] https://svn.nmap.org/nmap-exp/jay/ignore-after/
[2] http://seclists.org/nmap-dev/2014/q2/545
[3] http://seclists.org/nmap-dev/2014/q3/39
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
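
The pseudocode from the post as runnable Python, an added example that is not code from the ignore-after branch. The function names and the response streams are constructed for illustration; the -T4/-T5 pairs are the ones quoted in the post.

```python
from typing import Iterable, Optional, Tuple

# (percent, number) pairs the post quotes as the current -T4 / -T5 defaults.
POSTED_DEFAULTS = {"T4": (80, 800), "T5": (60, 60)}


def ignore_threshold(total_requested_ports: int,
                     percent: Optional[int] = None, number: int = 0) -> float:
    """ign_number = MAX(user_given_number, ign_ratio * total_requested_ports)."""
    if percent:
        by_ratio = percent * total_requested_ports / 100
    else:
        by_ratio = float(total_requested_ports)   # ign_ratio falls back to 1.00
    return max(number, by_ratio)


def scan_host(responses: Iterable[str], total_requested_ports: int,
              percent: Optional[int] = None, number: int = 0) -> Tuple[bool, int, int]:
    """Return (ignored, open_ports, responses_seen) for one host."""
    threshold = ignore_threshold(total_requested_ports, percent, number)
    open_ports = seen = 0
    for state in responses:
        seen += 1
        if state == "open":
            open_ports += 1
            if open_ports >= threshold:
                return True, open_ports, seen     # ignore_host(); break
    return False, open_ports, seen


# Constructed response streams (not captured scan data).
ALL_OPEN_1000 = ["open"] * 1000
TYPICAL_1000 = ["open", "closed", "open", "filtered", "open"] + ["closed"] * 995
ALL_OPEN_10 = ["open"] * 10

if __name__ == "__main__":
    for name, (pct, num) in POSTED_DEFAULTS.items():
        print(name, "threshold for 1000 ports:", ignore_threshold(1000, pct, num))
        print("  all-open host:", scan_host(ALL_OPEN_1000, 1000, pct, num))
        print("  typical host: ", scan_host(TYPICAL_1000, 1000, pct, num))
        print("  10-port scan: ", scan_host(ALL_OPEN_10, 10, pct, num))
```

Because of the MAX() in the pseudocode, the number acts as a floor: a scan that requests fewer ports than that number can never reach the threshold, which is what the 10-port case shows.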

