Nmap Development mailing list archives
Re: NMAP performance patch (ICMP Unreachable rate limited)
From: Martin Mačok <martin.macok () underground cz>
Date: Thu, 16 Jun 2005 11:04:38 +0200
On Mon, Jun 13, 2005 at 12:10:17PM -0600, Alec H. Peterson wrote:
> I applied this patch to 3.81, but it makes me wonder why it has not been accepted into the actual distribution.

Fyodor's concern was that it could miss some open ports (though he did not specify). I've disagreed ;-)

> What are the consequences of using this patch?

AFAIK there aren't any (other than performance and bandwidth usage). We have been using this patch for several months in a professional pentesting area without any problems so far.

On Mon, Jun 13, 2005 at 10:49:32PM +0200, Andreas Ericsson wrote:
> That's one of Martin Méoks' (I'm nearly 100% sure I spelled the last name wrong) creations.

That's true. My name is Martin Mačok (iso-latin2) which makes it Martin Macok in ascii.

> I believe it was just submitted at a bad time when Fyodor was revamping a lot of other functionality.

He was moving at the time and busy overall...

> It's quite possible it was just forgotten, but I seem to remember at least one user having problems with it not properly detecting some hosts when it's a router that does the limiting (as opposed to the final destination of the packet).

I don't remember such a case. If someone has any problem with it, I'm one big ear.

On Mon, Jun 13, 2005 at 11:05:50PM +0200, Andreas Ericsson wrote:
> I believe there is a revised version which adds the switch --defeat-icmp-rate_limit (or some such) and thus makes the fast behaviour optional while keeping the default behaviour "clean". Perhaps the original patch-author knows more.

No, you are mixing it up with another similar patch that is defeating RST rate-limit (e.g. Solaris 9 does it). This patch is implemented as an option (--defeat_rst_ratelimit) because when in use Nmap does not distinguish between filtered and closed ports (both are "filtered|closed" then). You could find it at
http://Xtrmntr.org/ORBman/tmp/nmap/nmap-3.81-defeat_RST_ratelimit.patch

The ICMP-rate-limit patch is not implemented as a cmd-line option because there is no reason to turn it "off" IMHO.

Martin Mačok
ICT Security Consultant
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev