Penetration Testing mailing list archives

Re: Scanning - anyone got ball park timings?


From: Nicolas Gregoire <ngregoire () exaprobe com>
Date: 30 May 2003 01:05:32 +0200

On Thu, 2003-05-29 at 21:35, Kurt Seifried wrote:

> It sounds like your iSS/OS is patiently waiting for timeouts/etc, and if
> this is the case then a scan could take a very long time, especially if the
> target is configured to drop packets silently.

Do you scan UDP ports on Solaris targets?

From the nmap manual:

              Unfortunately UDP scanning is sometimes painfully
              slow since most hosts implement a suggestion in RFC
              1812 (section 4.3.2.8) of limiting the ICMP error
              message rate. For example, the Linux kernel (in
              net/ipv4/icmp.h) limits destination unreachable
              message generation to 80 per 4 seconds, with a 1/4
              second penalty if that is exceeded. Solaris has
              much more strict limits (about 2 messages per
              second) and thus takes even longer to scan.

> Personally I'd use nmap/paketto

Yes, paketto is really a good choice for ultra-fast scanning and/or
heavily filtered hosts.

-- 
Nicolas Gregoire ----- Consultant en Sécurité des Systèmes d'Information
ngregoire () exaprobe com ------[ ExaProbe ]------ http://www.exaprobe.com/
PGP KeyID:CA61B44F  FingerPrint:1CC647FF1A55664BA2D2AFDACA6A21DACA61B44F
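
Added example (not part of the original post, and not nmap's own algorithm): a small constructed model of the ICMP error rate limiting described in the quoted manual text, showing that the time to confirm closed UDP ports is set by the target's ICMP rate, not by how fast probes are sent. The token-bucket model, the burst sizes and all function names are assumptions; the Linux 1/4 second penalty is not modelled.

```python
# Constructed model: the target answers probes to closed UDP ports with an
# ICMP port-unreachable only while its token bucket still holds a token.

def simulate_udp_scan(closed_ports, icmp_per_sec, burst, probes_per_sec):
    """Return (seconds, probes_sent) until every closed port has produced
    an ICMP error. A probe whose reply is suppressed must be re-sent,
    because silence is indistinguishable from an open or filtered port.
    All arguments are integers."""
    one = probes_per_sec              # one token, in units of 1/probes_per_sec
    cap = burst * one
    tokens = cap                      # bucket starts full
    pending, sent = closed_ports, 0
    while pending:
        sent += 1                     # one probe per tick
        if tokens >= one:             # target is allowed to emit an ICMP error
            tokens -= one
            pending -= 1
        tokens = min(cap, tokens + icmp_per_sec)   # refill for this tick
    return sent / probes_per_sec, sent

# Rates taken from the quoted manual text; burst sizes are assumptions.
PROFILES = {
    "linux":   {"icmp_per_sec": 20, "burst": 80},  # 80 per 4 seconds
    "solaris": {"icmp_per_sec": 2,  "burst": 2},   # about 2 per second
}

def ballpark(closed_ports, probes_per_sec=100):
    """Simulated (seconds, probes_sent) per target profile."""
    return {name: simulate_udp_scan(closed_ports, probes_per_sec=probes_per_sec, **p)
            for name, p in PROFILES.items()}

if __name__ == "__main__":
    for name, (secs, sent) in ballpark(1000).items():
        print(f"{name:8s} 1000 closed ports: {secs:7.1f} s, {sent} probes sent")
```

Raising `probes_per_sec` in this model increases the number of wasted probes but leaves the elapsed time essentially unchanged, which is why a full 65535-port UDP sweep of a target limited to about 2 ICMP errors per second runs into hours.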

