Nmap Development mailing list archives
Re: [NSE] NTP info gathering script...
From: Richard Sammet <richard.sammet () googlemail com>
Date: Mon, 14 Dec 2009 18:55:31 +0100
Hi David,

On Sun, Dec 13, 2009 at 12:46 AM, David Fifield <david () bamsoftware com> wrote:
...
> * As a consequence of the above, short timeouts are no longer required, so I
>   removed the timeout code to just use the defaults.

... well, it looks like this was a bad idea ;)

I performed some extensive tests with the version you checked in to the trunk and I noted that the script now "blocks" the whole scan if no data is returned by the ntp server while waiting for the default timeout value which is - obviously - too long.

The benchmarks:

command and options:
./nmap -sU -p 123 --script=ntp-info XXX.XXX.72.0/24 XXX.XXX.12.0/24 --open -n -T5 --max-hostgroup 128 --max-retries 1 -vvv -PN

Script with default timeouts (version from trunk):

result: Two NTP services identified and fingerprinted.

123/udp open ntp
|_ntp-info: receive time stamp: Mon Dec 14 18:33:59 2009
...
123/udp open ntp
| ntp-info:
| receive time stamp: Mon Dec 14 18:18:51 2009
| version: ntpd 4.2.4p4@1.1520-o Wed May 13 21:06:31 UTC 2009 (1)
| processor: x86_64
| system: Linux/2.6.24-24-server
...
Nmap done: 512 IP addresses (512 hosts up) scanned in 1640.67 seconds
Raw packets sent: 1021 (77.596KB) | Rcvd: 22 (1608B)

Script with modified timeouts:

result: Two NTP services identified and fingerprinted (same as above).

123/udp open ntp
|_ntp-info: receive time stamp: Mon Dec 14 18:06:32 2009
...
123/udp open ntp
| ntp-info:
| receive time stamp: Mon Dec 14 18:05:56 2009
| version: ntpd 4.2.4p4@1.1520-o Wed May 13 21:06:31 UTC 2009 (1)
| processor: x86_64
| system: Linux/2.6.24-24-server
...
Nmap done: 512 IP addresses (512 hosts up) scanned in 65.72 seconds
Raw packets sent: 1020 (77.520KB) | Rcvd: 18 (1232B)

Well, a quick look at the total scan time shows the huge difference:

1640.67 seconds (with default timeout)
vs.
65.72 seconds (with timeout respecting the global timeout settings)

Please find the patched version attached.

Greetings,
Richard
Attachment:
ntp-info.nse
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
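
An added example, not the attached ntp-info.nse or any code from this thread: a minimal NSE script that bounds its UDP read with Nmap's per-host timeout estimate, so that a silent server on port 123 costs one short wait instead of the socket default. It assumes `host.times.timeout` (seconds) is the value to respect; the script description, the clamp bounds and the helper name `probe_timeout_ms` are hypothetical.

```lua
-- Added illustration: one NTP client request with a read timeout taken from
-- Nmap's own timing data instead of the socket default.
local nmap = require "nmap"
local shortport = require "shortport"
local string = require "string"
local math = require "math"

description = [[Sends one NTP client request and reports the reply size (illustration only).]]
categories = {"discovery", "safe"}

portrule = shortport.port_or_service(123, "ntp", "udp")

-- Assumed clamp bounds in milliseconds; tune for the network being inventoried.
local MIN_TIMEOUT_MS = 200
local MAX_TIMEOUT_MS = 5000

-- host.times.timeout is Nmap's per-host probe timeout in seconds. It already
-- reflects the timing template and RTT limits, so -T5 shortens it.
local function probe_timeout_ms(host)
  local t = host.times and host.times.timeout
  if not t then
    return MAX_TIMEOUT_MS
  end
  return math.max(MIN_TIMEOUT_MS, math.min(math.floor(t * 1000), MAX_TIMEOUT_MS))
end

action = function(host, port)
  -- 48-byte NTP request: LI=0, VN=3, Mode=3 (client), remaining fields zero.
  local request = string.char(0x1b) .. string.rep(string.char(0), 47)

  local socket = nmap.new_socket()
  socket:set_timeout(probe_timeout_ms(host)) -- set_timeout takes milliseconds

  local ok = socket:connect(host.ip, port.number, "udp")
  if ok then
    ok = socket:send(request)
  end
  local status, data
  if ok then
    status, data = socket:receive() -- fails with an error string on timeout
  end
  socket:close()

  if not status then
    return nil -- no reply within the bound: produce no output, hold nothing up
  end
  return ("NTP reply received (%d bytes)"):format(#data)
end
```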