| 1 |
DROP will add about 3 minutes to the total cost of the scan, because |
| 2 |
you need to wait for timeout. This is the slowdown you're seeing. |
| 3 |
However, during those three minutes you can scan 1, 10, or 10000 |
| 4 |
machines, and it will still take only three minutes. |
| 5 |
|
| 6 |
To actually do this you'd probably need to increase nmap's |
| 7 |
--max-parallelism parameter. |
| 8 |
|
| 9 |
|
| 10 |
On Thu, Jan 08, 2004 at 10:29:23AM -0600, Thomas T. Veldhouse wrote: |
| 11 |
> It slows down NMAP plenty ... are you saying it is not a good scanner? |
| 12 |
> |
| 13 |
> Tom Veldhouse |
| 14 |
> |
| 15 |
> P.S. I have to top post the reply because your email is an attachment and I |
| 16 |
> have to cut'n'paste the original message ... I refuse to manually quote it |
| 17 |
> |
| 18 |
> ----- Original Message ----- |
| 19 |
> From: "Edward Faulkner" <edward@×××.EDU> |
| 20 |
> To: "Thomas T. Veldhouse" <veldy@×××××.net> |
| 21 |
> Cc: "Oliver Schad" <o.schad@×××.de>; <gentoo-security@l.g.o> |
| 22 |
> Sent: Thursday, January 08, 2004 10:09 AM |
| 23 |
> Subject: Re: [gentoo-security] firewall suggestions? |
| 24 |
> |
| 25 |
> As has already been pointed out, using DROP would not slow down a good |
| 26 |
> scanner significantly. You could parallelize so that you can scan as |
| 27 |
> many machines as you want, all within one timeout period. |
| 28 |
> |
| 29 |
> And it only takes one good coder to arm all the script kiddies with a |
| 30 |
> good scanner. |
| 31 |
> |
| 32 |
> -Ed Faulkner |
| 33 |
> |
Archives