Nmap Development mailing list archives

Re: nmap snmp scanning


From: Duarte Silva <duarte.silva () serializing me>
Date: Sun, 25 Dec 2011 14:44:50 +0000

Good afternoon,

taking a timeout from all of the Christmas spirit I decided to make a new 
version of the snmp-brute patch.

Patch follows in the attachments,
Duarte Silva

On Wednesday 21 December 2011 10:53:39 Duarte Silva wrote:
On Tuesday 20 December 2011 15:11:20 you wrote:
On Tue, Dec 20, 2011 at 3:03 PM, Duarte Silva <duarte.silva () serializing me> wrote:
Hi Patrik,

didn't know that. Over the weekend I will set up different SNMP "providers" to
test the original script against and observe what should be the expected
behaviour, because I have been testing against the JVM SNMP monitoring facility
and the old script wasn't working very well (as I come to think about it, maybe
it was because I was running the script against my own machine, localhost).

Thanks for the feedback,
Duarte

On Monday 19 December 2011 23:24:14 Patrik Karlsson wrote:
On Sun, Dec 18, 2011 at 7:19 PM, Duarte Silva <duarte.silva () serializing me> wrote:
Hello,

this is a very initial rewrite of the snmp-brute.nse script. As such, it needs
loads of testing. Some stuff is still missing but I wanted some feedback.

Regards,
Duarte Silva

Hi Duarte,

I've looked over the new script and have a concern with the design change, as
one of the goals of the new snmp-brute script was to increase speed. This was
achieved by having one thread sending requests out and another thread listening
with a pcap socket. As we're dealing with UDP and a service that doesn't
respond, unless we have the right community, this design successfully made the
script a lot faster than the initial version.

So I think we should try to address the issues we're seeing while keeping the
current design.

Cheers,
Patrik

Hi again,

You make a valid point. I was also experiencing some trouble with the current
version when running against one of my virtual machines (VirtualBox), even
though the interface was in bridged mode. The problem is that, for some reason,
on Mac OS X libpcap fails to see packets on the host interface. Not sure whether
this is a big enough problem to care about?

Good morning,

I don't think so, since it isn't a normal execution to be scanning localhost.
I'm guessing that an alternative approach could be to set a very short timeout
on the socket (like 1ms) and do a recv on it each time a request is sent, then
make sure to do a number of receives for a certain amount of time after the last
request was sent. That could work and possibly allow us to maintain the
increased speed we have with the current design. But like I said, I'm not sure
it's worth it.

Cheers,
Patrik

Regards,
Duarte Silva

Attachment: snmp-brute.patch

Attachment: smime.p7s

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/