Penetration Testing mailing list archives
RE: Discovery Scanning Issues
From: "Lyal Collins" <lyal.collins () key2it com au>
Date: Sun, 8 Jan 2006 13:47:52 +1100
Ps. The -T Polite setting just seems essential to ensure all ports and actually tested - has anyone else noticed this? Again, my experience is that even on Suse9.3 and a 100MBits LAN, nmap exhausts the ip_conntrack pool (~49,000) although the machine has 768Mb of RAM. This ip_conntrack issue seems to pop up lots of places, just not noticed so much on LAN-style environments Lyal -----Original Message----- From: kataka () hush com [mailto:kataka () hush com] Sent: Sunday, 8 January 2006 2:48 AM To: pen-test () securityfocus com Subject: DSL: Discovery Scanning Issues DSL was finally brought to where I live, and I have started experimenting with discovery scans using Nmap. The problem is, if I try and scan for more than 1024 ports on a single host, my cheep-o Zoom DSL router/modem/switch/thingy starts to flake out, in the sense I can't ping my DSL router any more and I loose connectivity to the Internet until I reset the router. I believe this is because Nmap is filling up my router's NAT pool or something. I've looked at the config of the router and it's only got a 1024 connection NAPT port limit that cannot be adjusted and timeouts measured in seconds as opposed to ms. What should I do? Are other people with low-end DSL routers able to overcome this problem? Should I look at getting a better router, if so, what kind? Or, is it best to not scan through NAT and assign my Internet Routable IP to my scanning box directly? If so, how would this work under DSL, would I need to buy some kind of an Ethernet to RJ-11 adapter card, configure routing, install PPP encapsulation software on the box itself? Concerned about your privacy? Instantly send FREE secure email, no account required http://www.hushmail.com/send?l=480 Get the best prices on SSL certificates from Hushmail https://www.hushssl.com?l=485 ---------------------------------------------------------------------------- -- Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 ---------------------------------------------------------------------------- --- ------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
Current thread:
- DSL: Discovery Scanning Issues kataka (Jan 07)
- Re: Discovery Scanning Issues Carlos A. Morillo (Jan 07)
- Re: DSL: Discovery Scanning Issues gat0r (Jan 07)
- Re: DSL: Discovery Scanning Issues Lynx (Jan 07)
- RE: Discovery Scanning Issues Lyal Collins (Jan 07)
- RE: Discovery Scanning Issues Lyal Collins (Jan 07)