Nmap Development mailing list archives
Re: [nmap-svn] r13720 - nmap-exp/ithilgore/ncrack
From: Fyodor <fyodor () insecure org>
Date: Sat, 13 Jun 2009 14:30:12 -0700
On Fri, Jun 12, 2009 at 04:27:10PM -0700, commit-mailer () insecure org wrote:
Log: Initial ideal parallelism is calculated based on min_connection_limit and max_connection_limit and a desired parallelism value based on the timing template. Modified: nmap-exp/ithilgore/ncrack/ncrack.cc ============================================================================== --- nmap-exp/ithilgore/ncrack/ncrack.cc (original) +++ nmap-exp/ithilgore/ncrack/ncrack.cc Fri Jun 12 16:27:10 2009 @@ -590,10 +590,25 @@ /* * If that was our first connection and successfully made it up to the point of * completing an authentication, then calculate initial ideal_parallelism (which - * was 1 previously) based on the min_connection_limit and max_connection_limit. + * was 1 previously) based on the box of min_connection_limit, max_connection_limit + * and a default desired parallelism for each timing template. */ if (serv->just_started == true) { - serv->ideal_parallelism = (serv->min_connection_limit + serv->max_connection_limit) / 2; + long desired_par = 1; + if (o.timing_level == 0) + desired_par = 1; + else if (o.timing_level == 1) + desired_par = 3; + else if (o.timing_level == 2) + desired_par = 4; + else if (o.timing_level == 3) + desired_par = 10; + else if (o.timing_level == 4) + desired_par = 15; + else if (o.timing_level == 5) + desired_par = 20; + + serv->ideal_parallelism = box(serv->min_connection_limit, serv->max_connection_limit, desired_par);
Hi Ithilgore. Just some thoughts which came into my head while reading your patch: One idea is to stick with a max parallelism of 1 per service for timing levels 1 and 2. After all, even -T2 is "polite" mode in Nmap parlance. And pounding a service with multiple brute force authentication connections at once is arguably not polite. A higher global number may be reasonable though. Also, I would consider a bigger difference between T3 and T5. If T3 is 10, T5 can maybe be 50. It is "insane mode" after all :). Also, it is again imnportant to differentiate between the allowed parallelism for a single service and for all services being cracked concurrently. Also, I realize that these are desired parallelism values above rather than maximum limits. Cheers, -F _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Re: [nmap-svn] r13720 - nmap-exp/ithilgore/ncrack Fyodor (Jun 13)
- Re: [nmap-svn] r13720 - nmap-exp/ithilgore/ncrack ithilgore (Jun 13)