Nmap Development mailing list archives

Re: Idea: Use results from host discovery phase in port scan phase


From: Fyodor <fyodor () insecure org>
Date: Tue, 15 Mar 2011 17:35:28 -0700

On Fri, Mar 04, 2011 at 12:37:20PM -0600, Daniel Miller wrote:

> If something is made of this, then other scan types could benefit as
> well. Results from -PA feed -sA, -PE and -PP feed -sO, etc. Just a
> suggestion.

Thanks for sending the idea, and it might work out in some cases.  But
I'm not sure it is worth the extra code complexity.  Nmap used to have
a "turbo mode" which would make single-port scans faster by using TCP
host discovery results for the port scan.

I think we got rid of that when we made port scanning and host
discovery share the same (better) engine.  Combining the two modes
doesn't help much if you're doing far more port scan probes than host
discovery probes.  It only really helps if you're doing a port sweep
for a small number of ports.  And in that case, it is probably better
to just disable host discovery.  You could also add --open to only
print hosts with open ports.

Similarly, people have asked about doing a TCP connect() scan and then
saving the open socket for use by version detection and/or NSE.  But I
also see that as a lot of code complexity overhead for a relatively
small gain.

Maybe there are some cases of this that are worth implementing.  I'm
just saying that my initial reaction is a bit skeptical.

Cheers,
Fyodor
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
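The two-stage workflow the thread is discussing can be had outside Nmap without any engine changes: run a host-discovery-only scan with XML output, keep the hosts reported "up", and hand just those to a port scan that skips discovery (-Pn) and prints only hosts with open ports (--open), as suggested in the reply above. The script below is an added example written for this archive page, not code from Nmap or from the thread's authors. The XML element layout it parses (nmaprun/host/status/address) is Nmap's real -oX format, but the sample document, the network range, and the output file name are constructed for the example.

```python
"""Reuse Nmap host-discovery results in a later port scan (added example).

Nmap itself does not feed -PA/-PE results into -sA/-sO, but the same effect
can be had from the command line: run `nmap -sn -oX` on a range you own,
keep the hosts marked "up", and pass only those to a -Pn port scan.
"""
import shlex
import xml.etree.ElementTree as ET

# Constructed sample: roughly what `nmap -sn -oX - 192.0.2.0/29` would emit
# for a small lab range (RFC 5737 documentation addresses). Not real output.
SAMPLE_XML = """<?xml version="1.0" encoding="UTF-8"?>
<nmaprun scanner="nmap" args="nmap -sn -oX - 192.0.2.0/29">
  <host><status state="up" reason="arp-response"/>
    <address addr="192.0.2.1" addrtype="ipv4"/>
    <address addr="00:00:5E:00:53:01" addrtype="mac"/>
  </host>
  <host><status state="down" reason="no-response"/>
    <address addr="192.0.2.2" addrtype="ipv4"/>
  </host>
  <host><status state="up" reason="echo-reply"/>
    <address addr="192.0.2.3" addrtype="ipv4"/>
  </host>
  <runstats><finished/><hosts up="2" down="1" total="3"/></runstats>
</nmaprun>
"""


def live_hosts(xml_text: str) -> list[str]:
    """Return the IPv4 addresses of hosts Nmap marked 'up' in -oX output."""
    root = ET.fromstring(xml_text)
    hosts = []
    for host in root.findall("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue
        # A host may carry several <address> elements (IPv4 plus MAC);
        # only the IPv4 one is a usable scan target here.
        for addr in host.findall("address"):
            if addr.get("addrtype") == "ipv4":
                hosts.append(addr.get("addr"))
    return hosts


def port_scan_command(targets_file: str, ports: str) -> list[str]:
    """argv for the follow-up scan: -Pn skips host discovery because the
    target list already holds only live hosts; --open prints only hosts
    with open ports; -iL reads targets from the file."""
    return ["nmap", "-Pn", "--open", "-p", ports, "-iL", targets_file]


def sweep_command(network: str, ports: str) -> list[str]:
    """Single-command alternative for a small port sweep, as the reply
    recommends: skip host discovery entirely and let the port probes decide."""
    return ["nmap", "-Pn", "--open", "-p", ports, network]


if __name__ == "__main__":
    hosts = live_hosts(SAMPLE_XML)
    with open("live-hosts.txt", "w") as f:   # hypothetical output file name
        f.write("\n".join(hosts) + "\n")
    print("live hosts:", hosts)
    print(shlex.join(port_scan_command("live-hosts.txt", "22,443")))
    print(shlex.join(sweep_command("192.0.2.0/29", "22,443")))
```

The parser deliberately reads the `status` element rather than assuming every `host` entry is alive: Nmap writes down hosts into the XML too when you ask it to, and a MAC `address` element sits beside the IPv4 one on local-segment hosts. For a handful of ports the second command (no discovery stage at all) sends fewer packets than the two-stage version, which is the point the reply makes.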
