Re: Scanning - anyone got ball park timings?

[linux seaq <linux () seaq com co>]

Sometime ago "Pete Herzog" <pete () isecom org> (exactly the Thu, 29 May
2003 22:55:03 +0200), wrote:

> Rule of thumb for security testing enumeration-- straight out of
> OSSTMM 2.5 RED--


Hi, right now i'm doing a nessus vuln scan with top20 in a ~3000 hosts /
multiple subnets network (about 90 subnets) all of them about 1 max 2
hops from me.

First i search for online hosts, using nmap scanning for netbios ports
and web ports, it took 2-3 hours without OS fingerprinting (it was done
several times in 2 weeks, so i could get a somehow accurate map form the
network). if i used OS fp it take from 6 to 10 hours to do the whole
scan.


Second i split the hosts detected by subnets (the most populated has
about 200 hosts) and merge the subnets whose population were less than
50 hosts (so i could get 100-200 blocks of ip)

Third i started nessusd (yesterday, to be accurate) and for the first
subnet with 180 hosts it took about 3 hours (2 hops from me).

but today the next subnet (same size/hops) is taking 7 hours.. 

i'll send you the timings after the process is completed.. (well i hope
it would finish some day)


hope this helps

---

Andres Mauricio Mujica
SEAQ SERVICIOS CIA LTDA
www.seaq.com.co

---------------------------------------------------------------------------
----------------------------------------------------------------------------