Nmap Development mailing list archives
Increasing UDP Scanning with virtual hosts
From: sham0day sham0day <sham0day () gmail com>
Date: Sat, 30 Jan 2010 16:02:53 -0500
The following strategy was initially intended to increase the speed of UDP scanning, but it could also be used to increase the speed of any host that is rate limited. During a UDP scan if we receive an “ICMP port unreachable” message then we know the port is probably closed. Unfortunately many targets rate-limit the the number of ICMP port unreachable messages to 1 a second (ex Linux hosts). Nmap will throttle its scan to compensate for this. RFC 1812 section 4.3.2.8 states that ICMP rate limits can occur in 3 ways – count based, timer based, and bandwidth based. The first two rate limits appear to target specific source hosts. In order to get around this, it seems possible to speed the UDP scan by changing the source host. So if multiple sources were scanning a target, it can avoid this ICMP port unreachable rate limit because each individual source would get rate-limited (1 per second on linux), but not all sources combined. This would work unless the rate limit was bandwidth-based. So to avoid these rate limits, Nmap could utilize virtual host adapters so it could scan targets from “multiple sources” simultaneously. This would greatly increase the speed of a UDP scan and could also increase the speed of any scan that is getting rate limited. Creating virtual host adapters (with their own IP and MAC) to avoid rate limits could be a great feature in new versions of Nmap. Thoughts? _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Increasing UDP Scanning with virtual hosts sham0day sham0day (Jan 30)
- Re: Increasing UDP Scanning with virtual hosts David Fifield (Feb 01)
- Re: Increasing UDP Scanning with virtual hosts Brandon Enright (Feb 01)
- Re: Increasing UDP Scanning with virtual hosts Fyodor (Feb 01)
- Re: Increasing UDP Scanning with virtual hosts David Fifield (Feb 01)